Office of Personnel Management Data Breach

OPMLogoLast night’s national news alerted us to the data breach that occurred at the Office of Personnel Management (OPM) in April of this year. Reportedly current and former federal employees personal information may have been compromised. OPM handles all aspects of a federal civilians career and federal civilian employees of many agencies are likely affected. OPM stated in their announcement that beginning 8 June and continuing through June 19, they would be sending notifications to approximately 4 million individuals whose personally identifiable information was potentially compromised. “The email will come from opmcio@

csid

.com and it will contain information regarding credit monitoring and identity theft protection services being provided for 18 months (at no cost to the employee) to those Federal employees impacted by the data breach.” Visit our identity theft page for steps to take to protect yourself: http://ellsworthafrc.org/programs/finances/idtheft/


Below is the full announcement from the OPM: Source: http://www.opm.gov/news/latest-news/announcements/

Information About the Recent Cybersecurity Incident

June 4, 2015

The U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former Federal employees. Within the last year, OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks. As a result, in April 2015, OPM became aware of the incident affecting its information technology (IT) systems and data that predated the adoption of these security controls. Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation to determine the impact to Federal personnel.  And OPM immediately implemented additional security measures to protect the sensitive information it manages. Beginning June 8 and continuing through June 19, OPM will be sending notifications to approximately 4 million individuals whose Personally Identifiable Information was potentially compromised in this incident.  The email will come from opmcio@csid.com and it will contain information regarding credit monitoring and identity theft protection services being provided to those Federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service. In order to mitigate the risk of fraud and identity theft, OPM is offering affected individuals credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution.  This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance, and recovery services and is available immediately at no cost to affected individuals identified by OPM. Additional information is available beginning at 8 a.m. CST on June 8, 2015 on the company’s website, csid.com/opm, and by calling toll-free 844-222-2743 (International callers: call collect 512-327-0700).

Steps for Monitoring Your Identity and Financial Information

  • Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
  • Request a free credit report at AnnualCreditReport.com or by calling 1-877-322-8228.  Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax®, Experian®, and TransUnion® – for a total of three reports every year.  Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, ftc.gov.
  • Review resources provided on the FTC identity theft website, identitytheft.gov.  The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
  • You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name.  Simply call TransUnion® at 1-800-680-7289 to place this alert.  TransUnion® will then notify the other two credit bureaus on your behalf.

Tips to Avoid Being a Victim of Tax Identity Theft

456932192_89f66d45c6This week is Tax Identity Theft Awareness Week. Tax identity theft happens when someone files a fake tax return using your personal information — like your Social Security number — to get a tax refund or a job. Here are some tips to help you lessen the chance you’ll be a victim and learn what to do if you are.

Tip #1:  File early in the tax season — if you can — to get your refund before identity thieves do. When you file, make sure you use a secure internet connection or mail your tax return directly from the post office to make it more difficult for thieves to get their hands on your personal information. Learn more at ftc.gov/taxidtheft and irs.gov/identitytheft.

Tip #2: What should you do if you think your Social Security number has been stolen? Or if you get a letter from the IRS saying more than one tax return was filed in your name, or that IRS records show wages from an employer you don’t know? Call the IRS Identity Theft Protection Specialized Unit at 1-800-908-4490. Report the fraud and ask for IRS ID Theft Affidavit Form 14039.  If you are a tax identity theft victim, the IRS may give you a personal PIN number to verify your identity and protect your file going forward. Learn more at ftc.gov/taxidtheft and irs.gov/identitytheft.

Tip #3: Have you heard about IRS imposters? Tax scammers posing as the IRS call and say you owe taxes, and threaten to arrest you if you don’t pay right away. They might know all or part of your Social Security number, and they can rig caller ID to make it look like the IRS is calling. Before you can investigate, they tell you to put the money on a prepaid debit card and tell them the card number. The IRS won’t ask you to pay with prepaid debit cards or wire transfers, and won’t ask for a credit card number over the phone. If the IRS needs to contact you, they will first do it by mail. If you have any doubts, call the IRS directly. Learn more at ftc.gov/taxidtheft and irs.gov/identitytheft.

Tip #4: Here are some other tips to lessen the chance you’ll be a victim of tax identity theft:

  • Always protect your Social Security number or Medicare card number: don’t give it out unless you have to, and always ask why it’s needed, how it’s going to be used, and how it will be stored.
  • Shred old taxes returns you’re no longer required to keep, as well as draft returns, extra copies, and calculation sheets.
  • Ask for recommendations and research tax preparers before you turn your personal information over to them.

Tip #5: Once tax identity thieves have your Social Security number and personal information, they can use them to commit other forms of identity theft, such as opening new financial accounts in your name. For steps you can take to deal with identity theft, go to ftc.gov/idtheft. Also remember to check your credit report annually. It’s free at annualcreditreport.com.

Credit Card Skimmer Victims: How much you lose depends on your actions!

On 10 April, Rapid City Police announced they are investigating a series of credit card skimmers found inside pumps at several area gas stations. They stated that the skimmers they’ve found so far have been inside the pumps where they’re not visible to consumers.

You are recommended to  monitor your credit cards and bank accounts (a practice we encourage for everyone, all the time). If you notice any fraudulent activity, report it to your financial institution immediately.

In fact, how much you lose depends on the card you used and how quickly you report the problem.

LIMITYOURLOSSESMany ATM/Debit Cards issuers have voluntarily agreed that an account holder will not owe more than $50 for transactions made with a lost or stolen ATM or debit card. However, under the law, the amount you can lose depends on how quickly you report the loss.

For credit cards, you loss is limited to $50 as long as you dispute the fraudulent charges within 60 days of receiving your bill.

For a better understanding of gas pump credit card skimmers here is a story by ABC News from August 2013 showing how the skimmers work and how your are at risk.

Credit Card / Debit Card Data Stolen From Target

targetMINNEAPOLIS (AP) – Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear. The chain said that accounts of customers who made purchases using their cards at its U.S. stores between Nov. 27 and Dec. 15 may
have been exposed. The stolen data includes customer names, credit and …

Read more at: http://m.apnews.com/ap/db_289563/contentdetail.htm?contentguid=Uq5EbaNz

Warning from Thrift Savings Plan: TSP App Could be Security Risk

TSPfundsWarning: Apple App store offering TSP App not sanctioned by TSP —  A free iPhone App, TSP Funds, currently being offered through the Apple App store asks TSP participants for their account login information. This app is not being offered through the TSP and the TSP does not recommend using this application to access your TSP account. Providing this information could result in a security risk to your account.

Source: www.TSP.gov

This Week is Military Saves Week!

MilitarySavesImage2013_400February 25-March 1 is Military Saves Week and the Ellsworth AFB Airman & Family Readiness Center is hosting a financial seminar every day from 1130-1230 at the Deployment Center Auditorium. Why not spend your lunch learning how to improve your finances? No registration is required, All seminars are FREE for the Ellsworth AFB Community!

Seminar Schedule is as follows:

Monday, 25 FEB – 11:30 AM—12:30PM
Life Insurance & Survivor Benefit Plan

Tuesday, 26 FEB – 11:30 AM—12:30PM
Investing & Thrift Savings Plan

Wednesday, 27 FEB – 11:30 AM—12:30PM
Scholarships & Financing College

Thursday, 28 FEB – 11:30 AM—12:30PM
Identity Theft & Your Credit

Friday, 1 MAR – 11:30 AM—12:30PM
What Are YOU Saving For?

Phishing attempt involving DFAS identified

Beware – scam emails – that appear to be sent by DFAS employees!

There are emails being sent to individuals, including military members, military retirees, and civilian employees, which appear to be sent by a DFAS employee.  Although the email appears to come from a DFAS employee and displays a dot mil address it is actually from a non-government email account.  This is an example of what’s called “spoofing.”

The emails indicate that individuals who are receiving disability compensation from the Department of Veterans Affairs (VA) may be able to obtain additional funds from the Internal Revenue Service (IRS).  These emails are not issued by DFAS and will likely result in a financial loss if you comply with the suggestions in the email.  Bottom line – do not send your personal information or copies of your tax returns and 1099s to the individual listed in the email.

The email indicates that individuals receiving VA disability compensation can receive additional funds from the IRS.  The email states that such funds can be obtained by sending copies of your VA award letter, your income tax returns, your 1099-Rs, your RAS statements, and a copy of your DD 214, to a so-called retired Colonel at an address in Florida.  Do NOT follow the suggestions in the email because you will be providing a significant amount of your personal information to a complete stranger, which could result in a financial loss to you.

DFAS has posted information on Facebook and they have also posted some info on the www.dfas.mil website.