Congressman: OPM Hack Data Being Used to Attempt Identity Theft

A Democratic congressman who says his personal information was stolen in two massive data breaches at the Office of Personnel Management now says his information is being used in attempted identity-theft schemes.

“In the last three weeks, I’ve had people use my data from that breach to apply for credit cards in three different banks all over the country and god only know what else will happen,” said Rep. Gerry Connolly, D-Va., said Tuesday at a Capitol Hill event on cloud computing. “I can tell you, we know why the Chinese wanted this data: to sell it to people who are going to use it try to create fraudulent credit. That’s one reason; there may be lots of other reasons as well.”

It’s believed hackers backed by the Chinese government exfiltrated data from OPM, purportedly as part of an espionage operation.

However, Connolly’s assessment is at odds with what leaders of the intelligence community and OPM have maintained since the breaches were disclosed: That so far there's been no indication the information has been used for fraudulent purposes.

FBI officials "have seen no evidence that the stolen data from the background investigation breach has been exploited," acting OPM Director Beth Cobert told reporters during a conference call last month.

Director of National Intelligence James Clapper told lawmakers at a congressional hearing later that month there’d been no evidence any of the stolen data had been used “in a nefarious way.”

During a brief interview with Nextgov after the Capitol Hill event, when asked about officials’ statements that the data has not been used, Connollly said: “I can only tell about my experience. I don’t know. I suppose in theory what’s happening with me could be … independent of that breach.”

An OPM spokesman did not immediately respond to Nextgov’s request for comment.

Last month, the government awarded the first part of a $330 million contract to a company called "I.D. Experts," to provide up to three years of credit monitoring for those affected by a breach of background investigation files. A separate company, CSID, is providing services to victims of a smaller breach of federal personnel records disclosed earlier in the summer.

After being contacted by one of the banks where an attempt to open a credit card was made, Connolly said he contacted one of the ID protection companies contracted by the government -- he didn’t provide the name for the company -- which informed him of two other fraudulent attempts to open credit cards.

The company was “very helpful,” he added. “We were very pleased with their work. They were on it.”

All told, more than 21.5 million current, former and prospective federal employees and contractors were affected by the breach of background investigation files. The federal government began notifying impacted individuals last week.