US' OPM launches site for victims to check if personal information stolen

The US Office of Personnel Management (OPM) - effectively the US civil service personnel organisation - launched a website for potential victims to check whether their personal information was stolen as part of the massive hack in June. The personal information of 21.5 million and at least 5.6 million fingerprints were stolen as a result of the attack.

OPM has struggled with long delays notifying victims whose information was compromised. The website, hosted by the Defence Department, will allow government employees to verify if their information was compromised.

Following complaints of the protracted delays, the Defense Information Systems Agency (DISA) awarded US $1.8 million (£1.2 million) last month to tech firm Advanced Onion to help with notification. As of November, only a quarter of victims had been notified.

The department had also promised to establish a verification center for potential victims to check. OPM will continue to mail out notification letters.

Ryan Wilk, director at NuData Security, said, "With many US citizens being notified this week that their fingerprints, background checks, social security numbers and other sensitive information was jeopardised, it has once again thrown the OPM hack from earlier this year back into the spotlight. With breaches such as this being a near weekly occurrence, it is clear that organisations can no longer depend on a single security layered system, and instead should be more proactively looking at multi layered systems that involve the use of user behaviour analytics."