ALEXANDRIA, Va.—The data breach at the U.S. Office of Personnel Management (OPM) may have reached records of some current and former NCUA staff, the CU regulator reports.
Last week NCUA informed CUToday.info that the OPM, at that time, had not informed the agency that NCUA employee records and files were involved in the massive computer hack of the federal government.
Chinese hackers are suspected of being behind the data breach at the OPM, which essentially functions as the federal government’s human resources department. The attack may have compromised the personal data of some four-million current and former federal employees.
“The Office of Personnel Management has informed the National Credit Union Administration that the recent breach of federal employee data may include some current and former NCUA employees,” said NCUA spokesperson John Fairbanks. “NCUA cares deeply about our employees’ privacy and security, and the agency is working closely with OPM to monitor the effects of the breach and provide employees with tools to help them protect themselves.”
Thought to be among the largest known thefts of government data in history, cyber-thieves reportedly stole credit card data, banking records, and other forms of financial information from the OPM, affecting people across the spectrum of the federal government—data that can be used to facilitate identity theft or fraud.
Many of the victims are likely members of credit unions that serve federal agencies.
The OPM reported that last year it had updated its cybersecurity defenses, adding numerous tools and capabilities to its networks, which the OPM stated made the agency aware of the incident in April.
The OPM is restricting the number of federal employees who can access government networks remotely and deploying new anti-malware software.
Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team and the FBI to determine the impact to federal personnel, the OPM stated on its website. OPM said it has immediately implemented additional security measures to protect the sensitive information it manages.
OPM said that beginning June 8 and continuing through June 19, it will be sending notifications to approximately four-million individuals whose personal information was potentially compromised in the incident, offering free credit monitoring and identity theft protection services.