Hackers building database on federal employees.

I signed up with All Clear for free for (a year?) after Home Depot had a credit breach.
Guess you get what you pay for. (Home Depot paid for it)
I wasn't notified for *weeks* after new activity.
(that I initiated, but still)

The Anthem thing hit us even though we didn’t have Anthem. Anyone with Blue Cross/Blue Shield at one point in my company was affected.
We signed up for the credit monitoring and the day after we initiated a loan pre-approval, we got an alert. So it appears that works.

This new thing could be ugly.

I signed up for a new store credit card, but I wonder if maybe the store didn't update the info immediately?
And possibly, it didn't count as new, because I already had one (Nordstrom), but I hadn't used it for years, so it was inactive, & I allowed the clerk to sign me up for a new one, because I felt sorry for her, and figured she needed the bonus. (She appeared to be in her late 60’s & had to re-enter the work force since her husband died.)
It's good to know that it generally is faster, as we also were hit by the Anthem breach.

Would a DOE security clearance back in the 80’s do it? If so, rats. :frowning:

It sounds like if you have worked for or applied but got rejected for government jobs or clearance of any kind then you are still affected. Until further clarification, that’s what I’ve read today.

On one hand, there’s a lot of “could have” here: could have gotten this or that info. Then, in one article it swings into, “the fact that…” But we don’t have enough facts.

What do we really know about the architecture?

IT managers don’t know what they are doing.
Why do they hook the data centers to the Internet?

The data center wouldn’t necessarily have to be hooked to the internet. In the Anthem case, the hackers were able to get the login for an internal network. IDK if that’s what happened here.

The better question is: Why aren’t these giant databases encrypted?

^ If they are not hooked to the internet then the guys from China can never touch them.
Employee machines having internet connections should not be connected directly to the data servers.
Only limited intranet machines should have access to the servers with careful security inspection by firewalls.

Hackers can only intrude into an internal network if they can implant a device in the intranet. This is a question of physical security.

Most IT managers are very incompetent. They don’t have intelligence to handle data. Sorry I have to say this.

Considering that IT is typically staffed by those with a business background and/or education, is it any surprise that they are overmatched by crackers?

Computer security is hard even for those with a CS background. Those with just a business background are even further out of their element.

@coolweather - All the more reason to encrypt the data then.

Am I the only one who isn’t surprised that these things keep happening over and over again at the biggest corporations/employers – from the fed gov’t to Anthem to Sony to Home Depot – given that I personally know plenty of IT managers (and I don’t even know that many objectively) who just don’t have the right education, training or work ethic? There was a time about 10-15 yrs ago where every third person who had nothing better to do could get a “certification” in IT from some random community college or for-profit college or at some unknown school in India and get a $50,000 job and a visa into this country if they needed it. Lots of people did this – people with nonspecific liberal arts or business backgrounds; people who were laid off in other fields; and people who were just looking for a way to get to the U.S. at a time where it was hard to get visas into the country etc. Now it’s been a decade and those people have 10 yrs of experience and are “management” at these big corporations and are frankly in totally over their heads; I know quite a few who like their paychecks and the fact that their jobs are so “flexible” since they have the technology to work from home now and beyond that they don’t care all that much about what gets done or not. They don’t have the hard-hitting CS background that one needs to be able to keep up with security – so we have security issues at the biggest companies now.

I’m not surprised, @aj725. People are people, and will generally take the easiest path. Not all people, but with so many IT workers involved in so many aspects of every single American’s data, it was only a matter of time before these mega-breaches started happening. I don’t know why that should come as a shock to anyone. The Anthem breach happened because 4 or 5 people were inattentive for a moment. It could just as easily have been one person. When we want all of our data easily and conveniently available, we agree to make ourselves vulnerable. It’s perfectly predictable.

Affected here, too. I understand SF form data was also included. Lovely. That form is so invasive and such a pain to fill out already without this loveliness to add to the festivities. And it’s mandated for employees at a certain level (and family financial info must also be disclosed in it), so there is no getting around completing this form. In our area, a whole lot of people either work for the gov’t or have been contractors/responded to security clearance interviews for same, etc.

What a pain.

My husband is affected, too, because he does some structural engineering design for a defense contractor. Sigh! Not sure yet what we’ll do.

One of these politicians running should propose to make identity theft a crime.

This is a breach of trust between the US Government and those who submitted to the clearance process. We kept our part of the bargain by safeguarding government information. The government failed its part by exposing all who held clearances or submitted the SF86. Is anyone going to go down for this? Did the OPM managers responsible for this database get bonuses and performance awards all these years? I don’t know what to do now that my information is in the hands of a foreign power and the confidential information of people I provided on the form is available to them. Is the US Government going to accept asylum applications from foreigners who may be put in danger from this breach?

@LasMa Encryption is only a factor in security. Encrypted data can be decrypted too. Suppose your desktop is the only computer that has the ability to decrypt data in your office. If the hacker can access your computer then he can decrypt the data too.

Encryption would not have helped; dumb holes at OPM handed the keys to outsourced contractors working from their home countries. Apparently the three stooges are running OPM:

OPM IT outsourced to foreign contractors, with root access, working from their home country. In this case, China.

http://arstechnica.com/security/2015/06/encryption-would-not-have-helped-at-opm-says-dhs-official/

I don’t think these were offshore contractors. These were the contractors who were performing background investigations for OPM - USIS is one company, the other I can’t recall right now. The hackers got their credentials through social engineering and then got administrator access to the network. There was no two-factor authentication on the system (with CAC or token), so they didn’t need to do much else.