The government is planning to invest $330 million in financial fraud protections for Office of Personnel hack victims, even though the suspected computer intruders are not thought to be in the business of ID theft.
It is widely believed Chinese spies confiscated records on the national security workers and others to exploit what they know -- not their bank accounts.
On Tuesday, U.S. officials announced a company called "I.D. experts" has been retained to offer the 21.5 million affected individuals three years of credit monitoring, ID theft monitoring, ID theft insurance and ID restoration services. The services the government has vowed to provide over that time span will cost $329.8 million, Naval Sea Systems Command, the agency overseeing the contract, confirmed with Nextgov Wednesday morning.
The Office of Personnel Management, which held the data targeted, acknowledged the hackers could have other designs on the information that credit monitoring might not be able to prevent.
“We've also been focused on other implications of this data" that was copied, OPM Acting Director Beth Cobert said in a call with reporters Tuesday evening.
The National Counterintelligence and Security Center along with OPM are promoting educational materials that explain how not to be entrapped by foreign intelligence services, she said.
"There is a pamphlet that they have developed that's on our website," Cobert said. In addition, the center has published an online video educating viewers about phishing attacks and potential attempts to exploit national security workers' personal information.
For the most part, the tips in the DNI brochure echo the advice the Federal Trade Commission gives to victims of credit card hacks.
Some of the recommendations: "Look for any unexplained activity or changes in your credit score and reports," place a fraud alert on your credit report, and "if you notice fraudulent activity, go to the FTC website and complete an ID theft complaint form."
One page in the pamphlet homes in on the espionage threat with warnings about intelligence exploitation:
When traveling overseas, be cautious about those who seem to have a lot in common with you. Be wary if they wish to maintain contact with you once you return to the States.
Be aware of your behavior travelling overseas.
Be cautious about foreigners who approach you in the U.S. who seem to have many similar interests.
Be cautious of foreigners who make third party introductions.
Be circumspect about unsolicited offers of travel, study, or employment, especially those involving travel to a foreign country.
Report any suspicious contacts to your security officer and follow their instructions.
Cobert said specialists governmentwide agreed the ID theft services now being offered are the best protections for victims, in this situation.
"We convened an interagency task force of experts across the federal government, experts in cybersecurity, experts in privacy, to develop the suite of services, and concluded that this was the appropriate set of services to offer for individuals given what has been taken," she said.
Some lawmakers pushing for stronger safeguards against financial losses acknowledge those services might be insufficient.
"There may be some things we can't compensate for," House minority whip Rep. Steny Hoyer, D-Md., said July 27. "Clearly, if credit is breached, we can compensate for that. But there may be other things that might be more difficult to make people whole."
To date, there is no indication anyone’s financial standing has been compromised, officials say.
FBI officials "have seen no evidence that the stolen data from the background investigation breach has been exploited," Cobert said.