opmhack-640x360

Fewer than a quarter of 21 million federal workers hit by a major computer hack have been officially told that their personal information was compromised, six months after the breach was detected, a U.S. government official recently said.

About 5 million notifications have been sent out to hack victims so far, a spokesperson for the U.S. Office of Personnel Management (OPM) told Reuters in an email.

The slowness of the notification process underscores Washington's struggles in dealing with its computer vulnerabilities, a growing problem that the Obama administration has been trying to address.

After it fell victim to two successive cyberattacks, both begun in 2014 and revealed earlier this year, OPM was roundly criticized by lawmakers for its response.

The Defense Information Systems Agency in September awarded a $1.8 million contract to Advanced Onion, a technology firm, to help locate and notify victims of the OPM breach, which exposed names, addresses, Social Security numbers and other sensitive information of current and former federal employees and contractors. About 5.6 million fingerprints were pilfered, an upwardly revised number from an initial estimate of 1.1 million.

The notification process for the smaller of the two breaches, which affected 4.2 million individuals, raised alarm when victims were asked to follow instructions online in prompts that some said resembled phishing scams. Others complained of long wait times with support call centers. That episode prompted the government to pursue Advanced Onion to deal with the larger breach, a process that took several months.

It has been six months since the larger OPM hack was detected, and more than a year and a half since hackers first infiltrated the agency's data banks.

Officials have offered three years of credit monitoring and identify-theft monitoring services to hacked employees.

Read the full article here.

Please contact Hadley Matarazzo at (585) 325-5150 or click here to email her for a free legal consultation if you believe you may be a victim of a data breach and are eligible for a consumer protection claim.