
A PERSEC Reminder in the Wake of the OPM Breach

We still don’t comprehend the full implications of the recent, massive breach of the U.S. Government’s Office of Personnel Management’s computer files. We do know that security clearance information was stolen, and a great deal of the personal information found on the SF86 questionnaire is also used on the web: for example, as password hints for financial or otherwise important websites, such as the name of your elementary school or your best friend’s name. Seriously consider changing those, and keep an eye on your information.

Remember, a little PERSEC goes a long way.  

13 Responses to “A PERSEC Reminder in the Wake of the OPM Breach”

  1. bob says:

    Good call,

    Also, if you received notification from OPM via email, understand that that address has also been compromised. Beware of Spear Phishing attempts to those and any other accounts.

  2. Will says:

    The consequences of this breach are far more serious than anyone really wants to admit. Imagine every single bit of personal information you have, including your fingerprints, just being made public. Frankly, anyone on the internet now has the ability to falsify your identity in full. I would take it further and suggest you brief family members, even if they don’t live with you, to be suspicious of anyone who makes contact regarding a government employee.

    21 million Americans have just been violated, and now they and their families are in grave financial and possibly physical danger. I know we’ve all become numb to hacking stories, but if you’re one of the 21 million you must take PROACTIVE steps to protect yourself. Change your security questions, notify your financial institutions, and definitely consider home security.

  3. Mike D says:

    Additionally, I would recommend reviewing your SF86 if you retained a copy for your own records. Cease using any of that information for passwords or password hints immediately. Luckily, my SF86 is in need of updating. It had some pretty basic info on it and is missing a large portion of more up to date info. It’s a pretty crappy thing to happen, so be careful what information you put out there from now on.

  4. swiss says:

    yeah, for those of us who just renewed at the start of this year… sigh..

  5. Badjujuu says:

    This really makes my stomach churn, knowing what I had to put down on my SF86 based on my background. Not only I, but my immediate family, relatives and friends as well as associates will need to be on alert. FOR YEARS. And unlike a credit card info theft I can’t just cancel my life and get a new one. Like we needed more problems in our lives.
    So the head of OPM resigns, big freaking deal.

  6. Evets Steve says:

    The last time I was read into a program requiring enrollment in an active PRP, everyone received a Counter-Intel briefing that included many known deliberate second-order effects which hostile nation states either had on their books or were believed to have practiced/planned for. Many of these involved compromising a friend or family member in some way that would create a crisis of conscience for the cleared person, then they’d offer a solution to the crisis in exchange for betraying one’s country. I was in uniform at the time, and while the thought of those horrible things happening to my friends and family haunted me, I trusted that there was the world’s best Counter-Intel industry actively working to thwart any such efforts to compromise us. Based on that, I entered into several lifetime, never-to-expire, non-disclosure agreements with the US Government.

    When I heard of the OPM hack and that our SF86 data is in the wind, I knew that this time it’s different. There is just no way the same level of protection I was afforded could be scaled up to millions of people. I sat down and went through the painful, soul-wrenching process of cross referencing who has been on my SF86s with those whom a foreign actor could use to compromise me. Knowing that my choices would be either calling 911 to pry the local boys from their traffic stops, or dusting off my old cards to find the FBI CI watchdesk’s phone number and spin an impassioned tale of how important I once was and why I needed their help.

    I haven’t taken off my 1911 or skipped church since.

    • balais says:

      Not to be alarmist, but I recently purchased another concealed carry holster that is far more comfortable than the one I replaced. Why? Because I intend on carrying my gun a lot more than I used to.

      It’s a fact of life.

  7. Engineer says:

    I thought DoD BIs weren’t breached this time? Not that this isn’t sage advice and should be followed regardless…

    • Evets Steve says:

      Just about every cleared contractor I’ve worked with for the last 15 years has been a previously-cleared member of the US armed forces.

      Maybe Title 50 can stay clear of this, but I think that us former DoD, out-of-uniform but still Title 10 guys, are going to be the bulk of those 19 million people.

  8. Steve says:

    Having just a bit of inside info on the effort to automate the reinvestigation process of clearances (called Continuous Evaluation Concept Development), I have to wonder if this was a breach of a USG server, or if DMDC went through with their plan to give a third-party commercial entity the data of all DOD folks with a clearance and let the commercial entity search for financial, travel, and social media flags that would indicate the need to conduct a “human” investigation. Wouldn’t that be a hoot if the security breach was caused by a tremendously bad idea, carried to fruition? Hey, DMDC, DHRA, USD(P&R)–what’s the story, you’ve been awfully quiet lately?

  9. Stefan S. says:

    Another Epic-Fail for the Obozo band of useless idiots. Let’s see how the Iran Nuke deal turns out LOL!