Posted on Oct 11, 2015
Have you heard that OPM is sending written notice if your information got hacked by the Chinese?
97.6K
22
33
3
3
0
The Office of Personnel Management got hacked and several many millions of names were obtained. The OPM director resigned. There is now a vendor in place, MyID Care. They won the contract to provide credit monitoring and identity theft protection at no charge to victims. I checked the web site, looked at the notice of bids, the announcement of selection and all the rest. This is a good deal and members notified need to take advantage of this free for you protection. https://www.opm.gov/blogs/Director/2015/10/1/Notifying-Those-Impacted-by-the-Recent-Cyber-Intrusion/
Posted in these groups: 
Cyber
Identity Theft
Cyber Identity Theft
Edited 10 y ago
Posted 10 y ago
Responses: 14
2
2
0
I received mine yesterday - 3 years of credit monitoring for my daughter and I. Chinese have our PII and the USG is only going to cover 3 years worth of credit monitoring. That's a sad gesture imo. They honestly should provide lifetime monitoring due to their negligence.
(2)
(0)
1
1
0
I just got a letter from OPM and went to the web site. Is this for real? If they know who I am and can send me a letter why do they need all the information someone would need to steal my Identity? How do we know if this site isn't doing what they say they are protecting us against?
(1)
(0)
CSM Brian Vanwagner
Maj Mike Sciales - Just got off the phone with OPM and they did validate the fact that myIDcare is legitimate. Just seemed very strange until they explained the reason why this company was not given the important information needed. Thanks for the quick response.
(2)
(0)
Maj Mike Sciales
CSM Brian Vanwagner - Thanks for validating this. It sucks getting hacked, and I know some people don't think this credit monitoring is adequate, but this is the first time the government ever responded in a timely manner with a useful offer of assistance under the circumstances. Or like some of my favorite young troops used to say "guess this beats a swift kick in the ass."
(0)
(0)
Lola L
I have searched on line regarding this action. In the letter it says it says that OPM and ID experts wouldn't ask for personal info. They advise in the letter: "If you are contacted by anyone asking for your personal info in relation to this incident, do not provide it" And that is what they do after you enter the PIN???!!! And it was not mentioned in the letter, that they will ask that. After I read the letter, I thought, oh, that's cool, I just give them that PIN and they will know who I am. I was in a shock they are acting exactly like a phishing scam.
Like the most people, it makes me extremely uncomfortable that after the data breach they ask me to enter on line my SSN, address, DOB.
Even if myIDcare is legit, doesn't OPM already have all our info? Why would we need to expose our info once again? If Chinese were able to hack government info, why wouldn't they hack myIDcare? Either way it is all gamble.
Here is what some other reviewers are saying:
1. I find it interesting that to combat the data breach, we are being advised to access yet another website and to release yet more personal information to a new website. Ironic, eh?
2. I got a letter also to enter PIN number. I figured if I entered pin it would display my personal info and it didn't. I had to renter my info. How stupid is that. Red flag or typical way government works! Scary! No thanks
3. I'm just glad their pages are secure -- or are they? What happened to the padlock on the PII page? Unsecure data on a secure page? Typing the information into the fields is unsecure until submitted, so why is this not hidden? I tried to call the helpdesk -- was on hold for an hour before I hung up, but I am sure they would have "assured" me it is secure. This company is making hundreds of millions from the US govt -- Podunk company to super-rich player. The DoD has terminated the program until CSID fixes it -- guess it took someone with more smarts to make them at least APPEAR to be secure, than just telling people they are.
4. My son actually entered his information, SS, email and when he hit submit it directed him to a phone number because they couldn't "process" his request without verifying his identity. Wanted his email password. I got on the phone and tried to verify them, couldn't and hung up. But he's entered his information! Now what?
5. I too received this letter in the mail last night. I was not cool with entering my SSN so I called the number on the letter, I got some "tool" who didn't know how to answer my questions and was not actually from the government. He transferred me to another "specialist" who assured me that they are a contractor of the government and they will have access to all of my information in order to "protect" me. This includes a 1 Million dollar insurance claim if my identity ever gets compromised. It still sounded fishy to me and I let him know this and hung up.
6. I am really confused. Is this letter the real thing? I just don't want to enter my SSN, OR ANY OTHER INFO. Am I too skeptical???
Like the most people, it makes me extremely uncomfortable that after the data breach they ask me to enter on line my SSN, address, DOB.
Even if myIDcare is legit, doesn't OPM already have all our info? Why would we need to expose our info once again? If Chinese were able to hack government info, why wouldn't they hack myIDcare? Either way it is all gamble.
Here is what some other reviewers are saying:
1. I find it interesting that to combat the data breach, we are being advised to access yet another website and to release yet more personal information to a new website. Ironic, eh?
2. I got a letter also to enter PIN number. I figured if I entered pin it would display my personal info and it didn't. I had to renter my info. How stupid is that. Red flag or typical way government works! Scary! No thanks
3. I'm just glad their pages are secure -- or are they? What happened to the padlock on the PII page? Unsecure data on a secure page? Typing the information into the fields is unsecure until submitted, so why is this not hidden? I tried to call the helpdesk -- was on hold for an hour before I hung up, but I am sure they would have "assured" me it is secure. This company is making hundreds of millions from the US govt -- Podunk company to super-rich player. The DoD has terminated the program until CSID fixes it -- guess it took someone with more smarts to make them at least APPEAR to be secure, than just telling people they are.
4. My son actually entered his information, SS, email and when he hit submit it directed him to a phone number because they couldn't "process" his request without verifying his identity. Wanted his email password. I got on the phone and tried to verify them, couldn't and hung up. But he's entered his information! Now what?
5. I too received this letter in the mail last night. I was not cool with entering my SSN so I called the number on the letter, I got some "tool" who didn't know how to answer my questions and was not actually from the government. He transferred me to another "specialist" who assured me that they are a contractor of the government and they will have access to all of my information in order to "protect" me. This includes a 1 Million dollar insurance claim if my identity ever gets compromised. It still sounded fishy to me and I let him know this and hung up.
6. I am really confused. Is this letter the real thing? I just don't want to enter my SSN, OR ANY OTHER INFO. Am I too skeptical???
(0)
(0)
1
1
0
Maj Mike Sciales
That will take a while! Since thousands of people's information supposedly got hacked I imagine it will be a while before everyone gets their letter.
Since I have an active security clearance to this day, I am almost certain I will be receiving a letter of my own.
That will take a while! Since thousands of people's information supposedly got hacked I imagine it will be a while before everyone gets their letter.
Since I have an active security clearance to this day, I am almost certain I will be receiving a letter of my own.
(1)
(0)
Maj Mike Sciales
Odds are good for you. I look at this as 3 free years of credit monitoring, a $300 value.
(1)
(0)
PO1 John Miller
Maj Mike Sciales
True, but since Experian also recently got hacked I wonder how that credit monitoring will work out?
True, but since Experian also recently got hacked I wonder how that credit monitoring will work out?
(0)
(0)
1
1
0
This is a good deal. If you were impacted by the breach this is something that can help.
(1)
(0)
1
1
0
A little confused as this was done quite some months ago...
I received my notification from OPM, opted for the CSID/OPM credit monitoring and $1Mil insurance (free) for 3 years.
Though your article is dated 1 Oct, I am not familiar with MyID Care or any of the other sites linked in the attached article you have, or that there was a "bid" for this protection.
The CSID/OPM link that I have been using https://www.csid.com/OPM/ is the only one I'm familiar with that was sent to me with the notification letter from OPM, as I said, quite a few months ago... so is this something new?
I received my notification from OPM, opted for the CSID/OPM credit monitoring and $1Mil insurance (free) for 3 years.
Though your article is dated 1 Oct, I am not familiar with MyID Care or any of the other sites linked in the attached article you have, or that there was a "bid" for this protection.
The CSID/OPM link that I have been using https://www.csid.com/OPM/ is the only one I'm familiar with that was sent to me with the notification letter from OPM, as I said, quite a few months ago... so is this something new?
(1)
(0)
Maj Mike Sciales
Yes, this is new. The scope of the breach was several million more than first reported. OPM was working pretty hard to come up with a fix because Congress has been all over them. They put out bids to contractors to monitor your credit. I just signed up and checked the dashboard. It's the real deal and a good deal. Believe me, I was suspicious, that's why I checked.
(1)
(0)
MSgt Curtis Ellis
Maj Mike Sciales - Rgr sir... just checking, as that is a lot of information to put out there about yourself to non gov contractors... I think I'm gonna hold with the CSID/OPM unless it's indicated otherwise. Thanks for the heads up and info! :)
(1)
(0)
Maj Mike Sciales
Just so you know, I looked at the info they provided on me -- credit reports and the like, plus the validation process tells me they already have the meta-data, I'm just setting up for an alert if somebody hacks and I like the fact that it's an intelligent solution to a concern. But people absolutely have to be comfortable with it, so nothing wrong with standing fast.
(1)
(0)
0
0
0
I received a letter for my husband who passed away in March. Should I do anything about this letter to protect him even though he is deceased? I found this site searching for answers on what I should do and if this myIDcare was ligit Thank you if you can assist. He was in the Navy too.
A. Housley
A. Housley
(0)
(0)
0
0
0
I am glad they are taking steps to protect the individuals at risk. However, I fail to see how authorizing their unnamed service providers "WHICH MAY INCLUDE CONSUMERINFO.COM, INC. (“CIC”)" to use my PII at their discretion achieves that end. The fact that the Terms & Conditions do not state which 'service providers' will be authorized to use our Social Security Numbers to access our credit reports, or how they will be using it, is enough to think twice. Also, it is important to note section 4B clearly states we cannot hold them liable for damages if damages are incurred through the use of their service. Finally, CSID reserves the right, in their privacy policy, to share any information collected about you even AFTER you close your account. I fail to see how this will help us in any way.
The Terms & Conditions state, "YOU UNDERSTAND THAT BY ENROLLING IN THE MYIDCARE PROGRAM FOR OPM (THE “OPM PROGRAM”), YOU ARE PROVIDING "WRITTEN INSTRUCTIONS" ... FOR IDEXPERTS, CSIDENTITY CORPORATION (“CSID”) AND THEIR RESPECTIVE SERVICE PROVIDERS, WHICH MAY INCLUDE CONSUMERINFO.COM, INC. (“CIC”), TO OBTAIN INFORMATION FROM YOUR PERSONAL CREDIT PROFILE FROM EXPERIAN, EQUIFAX, AND TRANSUNION,...YOU AUTHORIZE CSID AND ITS SERVICE PROVIDERS TO USE YOUR SOCIAL SECURITY NUMBER TO ACCESS YOUR PERSONAL CREDIT PROFILE, TO VERIFY YOUR IDENTITY, AND TO PROVIDE CREDIT MONITORING, REPORTING AND SCORING PRODUCTS AND TO PROVIDE THE ADDITIONAL PRODUCTS AND/OR SERVICES TO YOU, INCLUDING, BUT NOT LIMITED TO, ADDRESS HISTORY REPORTS, NAME AND ALIAS REPORTS, CRIMINAL OR SEX OFFENDER REPORTS, AND TO PROVIDE MONITORING AND/OR ALERTS TO YOU"
CSID Privacy Policy states, "We may collect personal information from which you can be identified, such as your name, date of birth, postal and e-mail address, phone number, national identifier or social security number (as applicable) and credit card details...We will use this data to access and monitor various data sets that you request us to monitor as part of your identity protection service and for the prevention and detection of fraud. When you close your account, we may continue to share information about you according to our legal and regulatory requirements."
4.B. Disclaimer of Warranties and Limitation of Liability states, "NEITHER ID EXPERTS OR THE SERVICE PROVIDERS NOR ANY OF THEIR RESPECTIVE AFFILIATES SSUME ANY LIABILITY FOR DAMAGES, DIRECT OR INDIRECT, CONSEQUENTIAL OR INCIDENTAL, IN CONNECTION WITH THE PERFORMANCE OF THE SERVICES OR YOUR REQUEST, USE OR ATTEMPTED USE OF THE SERVICES...THE AGGREGATE LIABILITY OF ALL SUCH PARTIES TO YOU IN ANY EVENT IS LIMITED TO THE AMOUNT WHICH HAS BEEN PAID ON YOUR BEHALF FOR YOUR MEMBERSHIP.
...which is Zero. So if they have a security breach they owe us nothing.
The Terms & Conditions state, "YOU UNDERSTAND THAT BY ENROLLING IN THE MYIDCARE PROGRAM FOR OPM (THE “OPM PROGRAM”), YOU ARE PROVIDING "WRITTEN INSTRUCTIONS" ... FOR IDEXPERTS, CSIDENTITY CORPORATION (“CSID”) AND THEIR RESPECTIVE SERVICE PROVIDERS, WHICH MAY INCLUDE CONSUMERINFO.COM, INC. (“CIC”), TO OBTAIN INFORMATION FROM YOUR PERSONAL CREDIT PROFILE FROM EXPERIAN, EQUIFAX, AND TRANSUNION,...YOU AUTHORIZE CSID AND ITS SERVICE PROVIDERS TO USE YOUR SOCIAL SECURITY NUMBER TO ACCESS YOUR PERSONAL CREDIT PROFILE, TO VERIFY YOUR IDENTITY, AND TO PROVIDE CREDIT MONITORING, REPORTING AND SCORING PRODUCTS AND TO PROVIDE THE ADDITIONAL PRODUCTS AND/OR SERVICES TO YOU, INCLUDING, BUT NOT LIMITED TO, ADDRESS HISTORY REPORTS, NAME AND ALIAS REPORTS, CRIMINAL OR SEX OFFENDER REPORTS, AND TO PROVIDE MONITORING AND/OR ALERTS TO YOU"
CSID Privacy Policy states, "We may collect personal information from which you can be identified, such as your name, date of birth, postal and e-mail address, phone number, national identifier or social security number (as applicable) and credit card details...We will use this data to access and monitor various data sets that you request us to monitor as part of your identity protection service and for the prevention and detection of fraud. When you close your account, we may continue to share information about you according to our legal and regulatory requirements."
4.B. Disclaimer of Warranties and Limitation of Liability states, "NEITHER ID EXPERTS OR THE SERVICE PROVIDERS NOR ANY OF THEIR RESPECTIVE AFFILIATES SSUME ANY LIABILITY FOR DAMAGES, DIRECT OR INDIRECT, CONSEQUENTIAL OR INCIDENTAL, IN CONNECTION WITH THE PERFORMANCE OF THE SERVICES OR YOUR REQUEST, USE OR ATTEMPTED USE OF THE SERVICES...THE AGGREGATE LIABILITY OF ALL SUCH PARTIES TO YOU IN ANY EVENT IS LIMITED TO THE AMOUNT WHICH HAS BEEN PAID ON YOUR BEHALF FOR YOUR MEMBERSHIP.
...which is Zero. So if they have a security breach they owe us nothing.
(0)
(0)
0
0
0
Hi all. I just got a MyIDCare email and it seemed odd - which is why googled them and found you.
OPM's letter says they contracted with ID EXPERTS. It also says "Please note that OPM and ID Experts will not contact you to confirm any personal information. If you are contacted by anyone asking for our persnal information in relation to this incident, do not provide it."
What a mess.
OPM's letter says they contracted with ID EXPERTS. It also says "Please note that OPM and ID Experts will not contact you to confirm any personal information. If you are contacted by anyone asking for our persnal information in relation to this incident, do not provide it."
What a mess.
(0)
(0)
0
0
0
First off, it's NOT a scam -- IF you go to https[colon-dbl-slash]http://www.opm.gov[slash]cybersecurity and go from there.
If you've already gotten the OPM sign-up letter, and you hover over the "Sign In" area near the bottom, it clearly shows "myidcare[dot]com" -- I agree it is NOT obvious, so *BE CAREFUL*! Do NOT sign in from any "email links" -- go directly to the OPM dot GOV slash cybersecurity site or directly to the MyIDCare dot com site -- NOT from any links in email! Emails can be faked.
What I find funny (and SCARY) is that THIS site (RallyPoint) asks to be able to MODIFY MY CONTACTS! THAT is questionable! There is ABSOLUTELY *ZERO* REASON FOR THAT! RallyPoint should NEVER *EVER* NEED TO *MODIFY* nor, for that matter, even be able to READ my "gmail" contacts - that sounds like "marketing junk" to me -- as in, "Hey, we need to be able to grab your contacts out of your gmail and use them for marketing -- oh, and hey, by they way, we may secretly "write a NEW contact" into your contacts, just because we can! NO SITE SHOULD EVER ASK FOR NOR NEED ABILITY TO *READ* OR *MODIFY* MY / YOUR CONTACTS!
Thanks, and Semper Fi!
Sgt TJ Mason, USMC, retired
If you've already gotten the OPM sign-up letter, and you hover over the "Sign In" area near the bottom, it clearly shows "myidcare[dot]com" -- I agree it is NOT obvious, so *BE CAREFUL*! Do NOT sign in from any "email links" -- go directly to the OPM dot GOV slash cybersecurity site or directly to the MyIDCare dot com site -- NOT from any links in email! Emails can be faked.
What I find funny (and SCARY) is that THIS site (RallyPoint) asks to be able to MODIFY MY CONTACTS! THAT is questionable! There is ABSOLUTELY *ZERO* REASON FOR THAT! RallyPoint should NEVER *EVER* NEED TO *MODIFY* nor, for that matter, even be able to READ my "gmail" contacts - that sounds like "marketing junk" to me -- as in, "Hey, we need to be able to grab your contacts out of your gmail and use them for marketing -- oh, and hey, by they way, we may secretly "write a NEW contact" into your contacts, just because we can! NO SITE SHOULD EVER ASK FOR NOR NEED ABILITY TO *READ* OR *MODIFY* MY / YOUR CONTACTS!
Thanks, and Semper Fi!
Sgt TJ Mason, USMC, retired
(0)
(0)
0
0
0
It's a TOTAL SCAM!!!!!! Any website that asks for your birthday, social, address, dob, etc is CERTAINLY going to steal your identity with YOUR PERMISSION!!! DON'T SIGN UP!!!
(0)
(0)
Read This Next
Continue with Facebook 
Continue with Google