In short, if you filled out a form SF-86, Questionnaire for National Security Positions; SF-85, Questionnaire for Non-Sensitive Positions; or SF-85P, Questionnaire for Public Trust Positions, your records are toast. Or, as OPM put it, "it is highly likely that you are impacted by the incident involving background investigations. If you underwent a background investigation prior to 2000, you still may be impacted, but it is less likely."
Before we get into the details of the plan that's to make this all better, you should know what's been revealed. These "records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details."
Other details? Some records included mental health and financial history findings from security background investigators and fingerprints. The OPM breach was already the worst of all time, and the more we learn about it, the worse it looks.
So, now with tens-of-millions more people exposed, here's the new plan.
1. Provide a comprehensive suite of monitoring and protection services for applicants and non-applicants whose sensitive information were stolen. This will cover the 21.5 million background investigation applicants, spouses or co-habitants with SSN and other sensitive information stolen from OPM databases. The OPM and the Department of Defense (DoD) will work with a private-sector firm specializing in credit and identity theft monitoring to provide services such as:
Full service identity restoration support and victim recovery assistance
Identity theft insurance
Identity monitoring for minor children
Continuous credit monitoring
Fraud monitoring services beyond credit files
The OPM and DoD have not revealed what company will do this work. This protection will be provided for a period of at least three years, at no charge.
In the coming weeks, OPM will begin to send notification packages to these individuals, which will provide details on the incident and information on how to access these services. Sources at DoD said that these packages will not be sent via e-mail. The improper use of e-mail was one of the flaws in the first attempt to provide protection for government employees.
2. Help individuals included on background investigation forms. The OPM will also provide a package that affected individuals can share with people who were mentioned on their background investigation forms,
This package will explain the types of data that your families and friends may have had revealed on the form. It includes best practices they can exercise to protect themselves. Almost all of this data is the kind of thing you could find on someone's social network sites.
4. Establish a call center to respond to questions. In the coming weeks, a call center will be opened to respond to questions and provide more information.
Finally, barring the barn doors after the horses are out: "In the coming months, the Administration will work with Federal employee representatives and other stakeholders to develop a proposal for the types of credit and identity theft monitoring services that should be provided to all Federal employees in the future -- regardless of whether they have been affected by this incident -- to ensure their personal information is always protected."