OPM finishes mailing most notification letters to breach victims

As of Dec. 11, OPM finished mailing initial notification letters to victims of the massive cyber-attack on the agency. Hackers stole personal information from roughly 21.5 million people, including Social Security numbers and data from government background checks.

It's taken OPM nearly six months to assess the scope of the breach, identify those affected and mail out the letters providing information about credit monitoring and identity theft protection services. In recent weeks the agency was generating 800,000 letters a day.

OPM estimated that it sent notifications to 93 percent of affected individuals. Agency officials said the postal service couldn't notify all victims because some letters were returned due to invalid addresses. The agency said more letters will be delivered once they find updated addresses or they are contacted through the verification center. The official letter directs victims to OPM's cybersecurity website, www.opm.gov/cybersecurity, and the agency stressed that any letter asking for personal information should be considered fraudulent and reported to police and the Federal Trade Commission.

And as OPM entered the homestretch of notifying victims, Chinese government officials claimed they had identified and arrested the hackers responsible for the data breach.