Arizona has more than 55,000 federal employees who could find out as early as Monday if they are among the 4 million federal workers and retirees whose personal information may have been compromised in a cyberattack.
The Office of Personnel Management announced late Thursday that it had detected, in April, a breach of worker records earlier this year.
The agency said it hopes to begin letting individual workers know Monday if they were affected. In the meantime, it is encouraging all federal workers to take precautionary measures.
OPM is also “offering affected individuals credit monitoring services and identity theft insurance,” an agency statement said.
The agency said it is currently working with the FBI and Department of Homeland Security’s U.S. Computer Emergency Readiness Team to address the issue and “the impact to federal personnel.”
It was unclear Friday how many workers or retirees in Arizona were affected, but labor unions and elected officials said the breach was another call for the need for government cybersecurity.
Sen. John McCain, R-Arizona, called on the administration to find “ways to deter our enemies from attacking in the first place.” McCain, the chairman of the Senate Armed Services Committee, said in a prepared statement that up to 1 million military members could be among the 4 million potential victims.
Unions representing federal workers, meanwhile, were scrambling to help their members, after what could be the largest federal data breach in recent history. One of those was the American Federation of Government Employees, which claims to be the largest federal employee union with 700,000 members.
“We will work with the administration to ensure that all available measures be taken to secure the personal information of all affected employees,” AFGE National President J. David Cox Sr. said in a statement posted to the union’s website.
News reports indicated that state-sponsored Chinese hackers committed the cyberattack that targeted what OPM called “personal information of current and former federal employees.”
But OPM did not make the link to the Chinese, and White House spokesman Josh Earnest would only say Friday that the incident is still under investigation, according to a transcript of the daily press briefing.
News reports also said the breach occurred in December, but OPM would only say in its statement that it became aware of this cyberattack during a recent “update to its cybersecurity posture” this spring.
Although identity theft and loss of personal information can take many different forms, there are standard procedures that are recommended for anyone who finds themselves in such a situation.
The first step to take, according to Courtney Bennett, a program manager in the community outreach and education division for the Arizona Attorney General’s office, is to file an identity theft affidavit with the Federal Trade Commission.
Bennett also recommends notifying merchants of any unauthorized charges on your account, as well as contacting credit reporting agencies.
She said one step that is commonly overlooked – calling the police – can be one of the most important. But people may hesitate, since they don’t think of credit theft in the same way as theft of property.
“There is theft of your personal information,” she said. “So it’s important they contact local law enforcement and file a police report.”
McCain said everyone needs to be vigilant.
“Whether a government agency or private company, no one is immune from attacks by increasingly sophisticated enemies,” his statement said.