Just weeks after the federal government began notifying employees and contractors whose personal information was stolen in a massive data breach, the Defense Department is proposing a plan to create a temporary database to keep track of the hack victims.
Once the federal government has determined and documented whether an individual was affected by the Office of Personnel Management hack, the Pentagon's Defense Manpower Data Center plans to store the information in a “holding file," according to an Oct. 14 notice in the Federal Register.
The database will be used to determine eligibility for a suite of identity-theft protection services offered to breach victims.
DOD plans to store the information until December 2018, when the contract period for ID services ends, according to the notice.
“This will allow individuals who lose or never receive their PINs to use the portal and helpdesk to determine eligibility throughout the entire contract period,” the notice stated.
More than 21 million federal employees had their personal information compromised in the cyberincident linked to China. About a quarter of them likely had their fingerprints stolen, according to a recent blog post by acting OPM Director Beth Cobert.
After enough information has been collected to determine an individual’s breach status, the findings will likely be submitted to OPM’s secure portal and then verified, according to the notice.
Employees, retirees and contractors notified by OPM will receive a unique PIN, allowing them to register for these protection services. Individuals can also self-check if they were affected by the breach -- and qualify for ID services -- using a "secure portal" maintained by OPM.