On Thursday, June 4, the U.S. Office of Personnel Management (OPM) announced a cybersecurity incident affecting its systems and data that may have exposed the personal information of more than three million Federal personnel. As more information is unearthed about the cause and culprit behind this attack, employees may be wondering what can be done to mitigate the risk of identity theft. As unfortunate cyber security incidents like this are becoming more and more prevalent, it is becoming increasingly imperative for businesses and consumers to take every necessary precaution to protect personal information. In an effort to stay ahead of cyber criminals, we have created a list of precautions consumers should take to protect their identity:

• Practice safe password habits. Do not reuse your password across multiple sites. Develop a password system that helps you remember the unique passwords you develop for each digital account you own. Passwords should be long, should not include any words found in a dictionary and should vary in character type (include special characters, capitalization and punctuation as password systems allow). Be sure to change passwords every six months and use two-factor authentication whenever possible.
• Be on the lookout for phishing attempts via email, phone and social media. Be wary of unsolicited phone calls and email messages from individuals asking about personal information. If an unknown individual claims to be from a legitimate organization, verify his or her identity directly with the company.
• Monitor your identity. Use a service to monitor for suspicious activity of your personal information on the black market. Monitoring services will alert you if your personal information is being shared on the dark web.
• Keep your devices secure. Do not use public Wi-Fi to connect to the Internet. Make sure to keep all devices up-to-date with anti-virus software.
• Do not share personal information over email. Do not email sensitive information like your home address, social security number or bank account information.
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (example: .com versus .net).
• Monitor financial account statements. Immediately report any suspicious or unusual activity to financial institutions.
• Request a free credit report and review for errors and misuse. Consumers are entitled to one free credit report per year from each of the three major credit bureaus: TransUnion, Experian, and Equifax.
• Place a fraud alert on your credit file. Let creditors know to contact you before opening a new account in your name.

OPM has partnered with CSID to provide identity protection coverage to affected individuals. If you believe you may have been affected by this incident, please visit www.csid.com/opm for more information.