OPM breach and credit freeze

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
User avatar
Blues
Posts: 2501
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: OPM breach and credit freeze

Post by Blues »

Do both parties to a joint return need to have a PIN or can a joint return be filed with only one?
User avatar
Ketawa
Posts: 2521
Joined: Mon Aug 22, 2011 1:11 am
Location: DC

Re: OPM breach and credit freeze

Post by Ketawa »

Thanks for the pointer to form 14039. My personal information was likely stolen from OPM, although I haven't been notified yet. In the meantime, it definitely was stolen in the Experian/T-Mobile data breach, so I completed it. It took me about 5 minutes to put everything together.
BigSaver
Posts: 139
Joined: Mon Apr 20, 2015 7:31 am

Re: OPM breach and credit freeze

Post by BigSaver »

bayview wrote:
BigSaver wrote:It's not much trouble at all. Simple form to fill out, sign it, mail it. When the letter from the IRS arrives 4-6 weeks later, get your IP PIN online. I know people who spent many months correcting the problem where someone filed a fraudulent return under their SSN early in the year, and it went undetected until they attempted to file their real return in March/April, and their real return was rejected. It took months to correct w/IRS. Personally, I would rather use this IP PIN process to prevent that.
Does it affect the processing time at all once you file?
I don't know. I'll find out when I file my 2015 return, the first year with the IP PIN.

I learned about the 14039 form from an WSJ article published earlier this year. It used to be that the IRS only issued IP PINs to people who were victims of tax return fraud, but according to this article, the IRS expanded the program. Be sure to write an explanation of the breach you experienced in the space provided on the 14039 form. I.e. don't just check boxes.

http://www.wsj.com/articles/protect-you ... 1425056152

I apologize if you cannot read this, i.e. don't have a WSJ subscription. Key excerpt:

"...But you don’t have to be a victim to obtain such a PIN. Starting this year, an IRS pilot program is giving PINs to people who filed federal returns as residents of Georgia, Florida and the District of Columbia last year. (These are the areas with the highest percentage rate of tax identity theft.) To get one, apply at http://www.irs.gov.

The IRS also recently sent letters offering PINs to about 1.7 million people who were selected because the agency had seen suspicious activity in their accounts.

In addition, people who are potential victims of identity theft—be it from a stolen purse or a data breach—can notify the IRS by filing Form 14039, “Identity Theft Affidavit,” and checking Box 2. The IRS may or may not grant a PIN, but filing the form could qualify taxpayers for other heightened security measures, according to an IRS spokeswoman.

Andy Mattson, a certified public accountant at Moss Adams in Campbell, Calif., hasn’t been a victim of identity theft. But he received a PIN from the IRS after a 2012 data breach of South Carolina’s tax system exposed the information of 3.8 million individuals, including his—because he prepares corporate tax returns filed there.

Mr. Mattson urges everyone who is at risk to file Form 14039. “It only takes a few minutes and could save many hours of your time or a professional’s,” he says."
BigSaver
Posts: 139
Joined: Mon Apr 20, 2015 7:31 am

Re: OPM breach and credit freeze

Post by BigSaver »

Blues wrote:Do both parties to a joint return need to have a PIN or can a joint return be filed with only one?
If both of you were targets of a data breach, you should each fill out a 14039, and likely you will each receive separate IP PINs.
After that, both of you will be protected against someone filing a false return under either of your SSNs.

If only one of you was notified of a data breach, here's what I would do:
1. Fill out 14039 for the person whose information was breached, and of course write in the nature of the breach in the space provided.
2. Fill out a separate 14039 for the person who was not notified directly of any data breach, but in the space provided reference the breach of the spouse and explain the concern that you may be at risk too, and that you typically file jointly.

Worst case: IRS will deny the 2nd, and then you file your joint return with an IP PIN on only one of you.
User avatar
Blues
Posts: 2501
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: OPM breach and credit freeze

Post by Blues »

BigSaver wrote:
Blues wrote:Do both parties to a joint return need to have a PIN or can a joint return be filed with only one?
If both of you were targets of a data breach, you should each fill out a 14039, and likely you will each receive separate IP PINs.
After that, both of you will be protected against someone filing a false return under either of your SSNs.

If only one of you was notified of a data breach, here's what I would do:
1. Fill out 14039 for the person whose information was breached, and of course write in the nature of the breach in the space provided.
2. Fill out a separate 14039 for the person who was not notified directly of any data breach, but in the space provided reference the breach of the spouse and explain the concern that you may be at risk too, and that you typically file jointly.

Worst case: IRS will deny the 2nd, and then you file your joint return with an IP PIN on only one of you.
Thanks for the explanation. :beer

I'm going to mull it over some before deciding. I'm a bit reluctant to use snail mail to send in the requested data AND a copy of a photo ID. Seems it would be nearly or just as vulnerable to something problematic...
User avatar
Hayden
Posts: 1533
Joined: Tue Apr 16, 2013 5:13 pm

Re: OPM breach and credit freeze

Post by Hayden »

BigSaver wrote:To all whose personal information was stolen, including SSN:

You are eligible to submit IRS form 14039 "Identity Theft Affidavit" to request an Identity Protection PIN (IP PIN) from the IRS. Once issued, the IP PIN will be required in order to file future tax returns; The IRS will not accept any tax returns without it. Also, the IP PIN will change each year.

The 14039 form covers 2 situations:
- you were a victim of identity theft, or
- you haven't YET been a victim of identity theft, HOWEVER, you are at risk because you were a target of a data breach like OPM or Anthem.

It takes the IRS several weeks to process the 14039 request. If accepted, they'll send you instructions for setting up the IP PIN.

Note: This IP PIN is NOT the same as the efiling PIN.

Form 14039 can be downloaded here. Fill it out is as soon as you find out that your personal data may have been stolen. DON'T wait until tax filing time to submit this.
https://www.irs.gov/pub/irs-pdf/f14039.pdf
Thank you for posting this. I just submitted my form.
gkaplan
Posts: 7034
Joined: Sat Mar 03, 2007 7:34 pm
Location: Portland, Oregon

Re: OPM breach and credit freeze

Post by gkaplan »

How does this work when one is using TurboTax or some other tax preparation software package to prepare one's tax return?
Gordon
User avatar
Blues
Posts: 2501
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: OPM breach and credit freeze

Post by Blues »

gkaplan wrote:How does this work when one is using TurboTax or some other tax preparation software package to prepare one's tax return?
From the TaxAct site:
IRS Identity Protection PIN

If you were a victim of identity theft, you may receive IRS Notice CP01A containing a single use 6-digit PIN. If you have misplaced the IRS letter containing your IP PIN, CLICK HERE to retrieve it.

You can enter the Identity Protection PIN in the TaxAct® program using the following steps:
From within your TaxAct return (Online or Desktop), click on the Federal tab. On smaller devices, click in the upper left-hand corner, then select Federal.
Click Miscellaneous Topics to expand the category and then click Identity Protection PIN
Enter the 6-digit PIN next to the applicable taxpayer listed on the return*
*Note, each spouse on a married filing joint return will have his or her own IP PIN. If only one spouse received an IP PIN, that PIN would need to be entered in the field for that particular spouse.

The Identity Protection PIN will appear on the printed copy of your return. The PIN is automatically transmitted to the IRS with an electronically filed return.
User avatar
TimeRunner
Posts: 1939
Joined: Sat Dec 29, 2012 8:23 pm
Location: Beach-side, CA

Re: OPM breach and credit freeze

Post by TimeRunner »

Turbotax Instructions (easy Google search): https://ttlc.intuit.com/questions/19003 ... git-ip-pin
One cannot enlighten the unconscious. | "All I need are some tasty waves, a cool buzz, and I'm fine." -Jeff Spicoli
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: OPM breach and credit freeze

Post by Mudpuppy »

Blues wrote:I'm going to mull it over some before deciding. I'm a bit reluctant to use snail mail to send in the requested data AND a copy of a photo ID. Seems it would be nearly or just as vulnerable to something problematic...
As long as you drop the envelope off at a post office in an inside box, snail mail is one of the safest ways to send personal information to a corporation or government entity, short of sending it electronically with a high level of encryption. Electronic transmissions that are not properly encrypted get passed through a variety of intermediaries along the path to the receiver, any of which could be infested and intercept the message.

Think of it this way. The biggest ID theft concern with snail mail is someone stealing the letter from the mailbox or a rogue postal employee stealing it en-route. If you drop the letter off at a post office, using an indoor mail box (which is typically built into a wall), it is very hard for a random thief to steal from the outgoing mailbox. Corporations and governments likewise typically have their mail delivered to a manned location, so it is also hard for a thief to steal it when it's received (unlike personal mail, which is dropped off a mail box with no one around for hours until you get home and check the box, so there is plenty of time for a thief to go riffling through the box for ID theft information).

So really, you only have to worry about rogue employees or the mail getting lost in transit (including getting lost due to storms, accidents, fires, etc.), both of which are fairly rare these days. And since you should also already be freezing your credit in response to the breach, you really don't have the same ID theft concerns as someone with unfrozen credit, so even if the letter is stolen, there's not too much of a consequence since your information is already out there.
rkhusky
Posts: 17763
Joined: Thu Aug 18, 2011 8:09 pm

Re: OPM breach and credit freeze

Post by rkhusky »

I thought your SS card was not to be used for identification. Seems like it would be easy to Photoshop. But so would altering a name on a photocopy of a drivers license or passport.
rkhusky
Posts: 17763
Joined: Thu Aug 18, 2011 8:09 pm

Re: OPM breach and credit freeze

Post by rkhusky »

Blues wrote:Do both parties to a joint return need to have a PIN or can a joint return be filed with only one?
There is only 1 spot for an IP PIN on the 1040, but that doesn't mean that an ID thief won't file a fraudulent form using either of your SS#'s.
User avatar
Blues
Posts: 2501
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: OPM breach and credit freeze

Post by Blues »

rkhusky wrote:
Blues wrote:Do both parties to a joint return need to have a PIN or can a joint return be filed with only one?
There is only 1 spot for an IP PIN on the 1040, but that doesn't mean that an ID thief won't file a fraudulent form using either of your SS#'s.

Thanks for that info. I was wondering whether the joint form could accommodate two PINs. :beer

@Mudpuppy: You may well be right in your assessment regarding the risks involved. Everything is somewhat of a crap shoot these days.
HogsAndApples
Posts: 199
Joined: Thu Feb 02, 2012 4:52 pm

Re: OPM breach and credit freeze

Post by HogsAndApples »

Regarding IRS form 14039 - this is the first time I've heard of this. I was informed my information may have been released in a large hack earlier this year.

Is this good advice for anyone whose SS# and/or other id information may have been breached?

I did skim the thread, but want to make sure this advice is also applicable for others whose id information has been compromised as mine did not involve the OPM breach.
BigSaver
Posts: 139
Joined: Mon Apr 20, 2015 7:31 am

Re: OPM breach and credit freeze

Post by BigSaver »

HogsAndApples wrote: Is this good advice for anyone whose SS# and/or other id information may have been breached?
.
Yes. This advice is not just for those affected by the OPM breach. Anyone whose personal information was stolen, including SSN, can use 14039 to protect against someone filing a tax return under your SSN.

If just a credit card # was stolen, I doubt that would be considered identity theft. Whether your SSN has to be part of the theft, I do not know.

Here's the text of box 2 on the form. As always when signing an affidavit, tell the truth. If the IRS rejects the request, you've lost nothing.

I have experienced an event involving my personal information that may at some future time affect my federal tax records.
You should check this box if you are the victim of non-federal tax related identity theft, such as the misuse of your personal identity information to obtain credit. You should also check this box if no identity theft violation has occurred, but you have experienced an event that could result in identity theft, such as a lost/stolen purse or wallet, home robbery, etc.
Briefly describe the identity theft violation(s) and/or the event(s) of concern. Include the date(s) of the incident(s).
User avatar
Blues
Posts: 2501
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: OPM breach and credit freeze

Post by Blues »

Many thanks to all who have provided us with the relevant sites and info. My request will be sent out as soon as I have the opportunity to run by the local P.O. and hand it off directly. :sharebeer
MilitaryDoc
Posts: 70
Joined: Sun Jan 12, 2014 9:23 am

Need OPM breach advice

Post by MilitaryDoc »

Hi everyone,

I received the following letter in the mail today (this is the generic version from opm.gov -->https://www.opm.gov/cybersecurity/sample-letter.pdf). I am positive the OPM breach has already been discussed, but at this very moment, I'm inundated with military residency responsibilities.

Does anyone have the quick down and dirty on how to best respond? Should I just sign up for ID experts and be vigilant? Thank you so much in advance to those who have gone through this and can offer up some succinct direction.

Best,
MilitaryDoc
User avatar
LadyGeek
Site Admin
Posts: 95686
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: OPM breach and credit freeze

Post by LadyGeek »

^^^ I moved MilitaryDoc's post into the on-going discussion thread, which is in the Personal Consumer Issues forum.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
MilitaryDoc
Posts: 70
Joined: Sun Jan 12, 2014 9:23 am

Re: Need OPM breach advice

Post by MilitaryDoc »

MilitaryDoc wrote:Hi everyone,

I received the following letter in the mail today (this is the generic version from opm.gov -->https://www.opm.gov/cybersecurity/sample-letter.pdf). I am positive the OPM breach has already been discussed, but at this very moment, I'm inundated with military residency responsibilities.

Does anyone have the quick down and dirty on how to best respond? Should I just sign up for ID experts and be vigilant? Thank you so much in advance to those who have gone through this and can offer up some succinct direction.

Best,
MilitaryDoc

Bump... anybody receive the same letter and sign up following its instructions?
User avatar
Ketawa
Posts: 2521
Joined: Mon Aug 22, 2011 1:11 am
Location: DC

Re: OPM breach and credit freeze

Post by Ketawa »

I signed up for the MyIDCare service. It seems fine. It monitors all three credit reporting agencies for activity. I also submitted a bunch of my personal information, and the service will supposedly monitor for any signs that your information is being sold online. Who knows how good it is, but I figured it can't hurt.
rkhusky
Posts: 17763
Joined: Thu Aug 18, 2011 8:09 pm

Re: OPM breach and credit freeze

Post by rkhusky »

I've signed up for credit monitoring that was offered for a data breach, but it was associated with one of the three credit bureaus, who already have most of my credit info. I am less tolerant of other third party organizations. If ID Experts doesn't require you to provide a bunch of personal information, I would sign up.

You can also get a pin for your tax return by filing IRS form 14039 to prevent someone else from filing a return with your SS#.
You can freeze your credit report at the three bureaus.
You should get your 3 free credit reports annually, spaced 4 months apart.
User avatar
Blues
Posts: 2501
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: OPM breach and credit freeze

Post by Blues »

I'm a bit beyond surprised that I haven't (yet) received any notification from OPM. However, assuming the worst, I've frozen our credit, taken additional steps to enhance online security (especially as regards financial sites) and mailed off my request for the IRS PIN. Hopefully a modicum of due diligence on our part will bar the devil from our door.
MilitaryDoc
Posts: 70
Joined: Sun Jan 12, 2014 9:23 am

Re: OPM breach and credit freeze

Post by MilitaryDoc »

Thanks for the responses. I found out yesterday that 2 of my other co-residents received the same letter. It looks like many active duty servicemembers are affected by this. DW is also in the military, but she hasn't received any notification yet.

I think I'm going to hold off on freezing my credit until I have more time to investigate. It looks like you have to provide some personal information to sign up for this monitoring service. It is pretty much the same personal info that was hacked so I think I'll sign up anyways.

The IRS pin option seems like a good option as well. I'll have to bounce this off my accountant to see what he thinks.

Do these seem like reasonable steps?
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: OPM breach and credit freeze

Post by Mudpuppy »

I think I already mentioned this up thread when it first started, but keep in mind that the OPM breach was likely conducted for cyber-espionage purposes, not for financial gain. That does not mean you should ignore the ways to protect your finances, but it also means you probably would be fine with freezing your credit and monitoring your free credit reports on a regular basis, rather than give all of your information to yet another company (who themselves could be the target of a criminal with financial gains in mind in the future).
User avatar
Topic Author
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: OPM breach and credit freeze

Post by VictoriaF »

BigSaver wrote:To all whose personal information was stolen, including SSN:

You are eligible to submit IRS form 14039 "Identity Theft Affidavit" to request an Identity Protection PIN (IP PIN) from the IRS. Once issued, the IP PIN will be required in order to file future tax returns; The IRS will not accept any tax returns without it. Also, the IP PIN will change each year.

The 14039 form covers 2 situations:
- you were a victim of identity theft, or
- you haven't YET been a victim of identity theft, HOWEVER, you are at risk because you were a target of a data breach like OPM or Anthem.

It takes the IRS several weeks to process the 14039 request. If accepted, they'll send you instructions for setting up the IP PIN.

Note: This IP PIN is NOT the same as the efiling PIN.

Form 14039 can be downloaded here. Fill it out is as soon as you find out that your personal data may have been stolen. DON'T wait until tax filing time to submit this.
https://www.irs.gov/pub/irs-pdf/f14039.pdf
I send my tax returns via Post Office mail. Is requesting a PIN useful in my case?

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
BigSaver
Posts: 139
Joined: Mon Apr 20, 2015 7:31 am

Re: OPM breach and credit freeze

Post by BigSaver »

VictoriaF wrote:
BigSaver wrote:To all whose personal information was stolen, including SSN:

You are eligible to submit IRS form 14039 "Identity Theft Affidavit" to request an Identity Protection PIN (IP PIN) from the IRS. Once issued, the IP PIN will be required in order to file future tax returns; The IRS will not accept any tax returns without it. Also, the IP PIN will change each year.

The 14039 form covers 2 situations:
- you were a victim of identity theft, or
- you haven't YET been a victim of identity theft, HOWEVER, you are at risk because you were a target of a data breach like OPM or Anthem.

It takes the IRS several weeks to process the 14039 request. If accepted, they'll send you instructions for setting up the IP PIN.

Note: This IP PIN is NOT the same as the efiling PIN.

Form 14039 can be downloaded here. Fill it out is as soon as you find out that your personal data may have been stolen. DON'T wait until tax filing time to submit this.
https://www.irs.gov/pub/irs-pdf/f14039.pdf
I send my tax returns via Post Office mail. Is requesting a PIN useful in my case?

Victoria
Victoria, Yes. The purpose of the IRS IP PIN is to prevent someone else from filing a fraudulent tax return under your SSN. If your SSN and other personal information were divulged in a security breach, crooks who received that info could attempt to file a tax return (calculated to get a nice sized refund directed to their bank account) under your SSN. Theoretically, they could attempt this whether or not you've ever filed an electronic tax return.

If you do get an IP PIN, I believe you can still file a paper 1040 tax return... there's a field in the signature area at the bottom of page 2 of form 1040:
If the IRS sent you an Identity Protection PIN, enter it here (see inst.)
Any attempts to file a federal tax return under your SSN without the correct IP PIN will fail. For example, if you get an IP PIN but forget to put it on your 1040, the return should be rejected.

That is how I understand the purpose & the process.
User avatar
TimeRunner
Posts: 1939
Joined: Sat Dec 29, 2012 8:23 pm
Location: Beach-side, CA

Re: OPM breach and credit freeze

Post by TimeRunner »

OPM records breached - sending in my form with copy of ID tomorrow.
Last edited by TimeRunner on Tue Dec 01, 2015 8:56 am, edited 1 time in total.
One cannot enlighten the unconscious. | "All I need are some tasty waves, a cool buzz, and I'm fine." -Jeff Spicoli
User avatar
Tycoon
Posts: 1630
Joined: Wed Mar 28, 2012 7:06 pm

Re: OPM breach and credit freeze

Post by Tycoon »

Just got my OPM breach letter. How comforting that the author had her information stolen too; it makes it all better. :annoyed
Emotionless, prognostication free investing. Ignoring the noise and economists since 1979. Getting rich off of "smart people's" behavioral mistakes.
User avatar
bru
Posts: 1013
Joined: Fri Jul 23, 2010 6:32 pm

Re: OPM breach and credit freeze

Post by bru »

Got my letter today. Wasn't sure it was legit as I had no idea I would be involved.

I'm confident the credit monitoring company will do nothing that I can't do so I doubt I'll sign up. I sure don't want to be a victim but maybe I'll be able to file a claim for 1 million.
Call_Me_Op
Posts: 9881
Joined: Mon Sep 07, 2009 2:57 pm
Location: Milky Way

Re: OPM breach and credit freeze

Post by Call_Me_Op »

Just received my letter yesterday. Are folks generally signing-up for the ID Experts product? I am considering doing that and also freezing my credit since I do not really use it anymore.

I think one reason for taking advantage of everything they offer is so that they cannot turn around and say they offered help but you refused it.
Best regards, -Op | | "In the middle of difficulty lies opportunity." Einstein
Elysium
Posts: 4120
Joined: Mon Apr 02, 2007 6:22 pm

Re: OPM breach and credit freeze

Post by Elysium »

This may seem like a stupid question, but I am going to ask anyway.

How will it be known to whoever has your social security, dob, address, and other details that you have an account with Vanguard or some other investment company? That information is not reported by credit reporting agencies, and that information is also not present with OPM. So, how will they go about figuring this out. I understand eventually hackers are smart enough to do this, but this is not easily available.
User avatar
Blues
Posts: 2501
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: OPM breach and credit freeze

Post by Blues »

Dieharder wrote:This may seem like a stupid question, but I am going to ask anyway.

How will it be known to whoever has your social security, dob, address, and other details that you have an account with Vanguard or some other investment company? That information is not reported by credit reporting agencies, and that information is also not present with OPM. So, how will they go about figuring this out. I understand eventually hackers are smart enough to do this, but this is not easily available.
Depending on what info the hackers have had access to, my recollection is that security clearances (and the mandatory five year updates to prior approved clearances) required detailed financial disclosures (in order to determine that you were living within your means etc.).
Elysium
Posts: 4120
Joined: Mon Apr 02, 2007 6:22 pm

Re: OPM breach and credit freeze

Post by Elysium »

Blues wrote:
Dieharder wrote:This may seem like a stupid question, but I am going to ask anyway.

How will it be known to whoever has your social security, dob, address, and other details that you have an account with Vanguard or some other investment company? That information is not reported by credit reporting agencies, and that information is also not present with OPM. So, how will they go about figuring this out. I understand eventually hackers are smart enough to do this, but this is not easily available.
Depending on what info the hackers have had access to, my recollection is that security clearances (and the mandatory five year updates to prior approved clearances) required detailed financial disclosures (in order to determine that you were living within your means etc.).
It's not required for all type of clearances, may be for the top. I know they could figure out eventually, but not available readily on the form, depending on the type of clearance. Anyway, this sucks big time. Government collecting everything about your life then not being able to protect it.
User avatar
Blues
Posts: 2501
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: OPM breach and credit freeze

Post by Blues »

Dieharder wrote:Anyway, this sucks big time. Government collecting everything about your life then not being able to protect it.
Can't argue with you there.
DJInvestor
Posts: 33
Joined: Tue Jul 22, 2014 4:10 pm

Re: OPM breach and credit freeze

Post by DJInvestor »

I received my OPM letter yesterday. It came as some surprise since I am not a federal employee, but in the last 2 years I did undergo a background check for employment at a state university. I'm seriously unhappy that my employment credentialing process put me in this position.

I decided to go ahead and sign up for MyIDCare, more to go on record that I have done everything offered to me than to have any real expectations that this will provide any useful service.

I got to the last step of the enrollment and received the message, "We are unable to verify your identity, please contact a support specialist..."

It turns out that the credit freezes I placed last year are doing their job. Hurrah! The very nice support person told me that they can't monitor my credit if my credit is frozen. Fine by me! They can however monitor my identity, and I am still eligible for the identity theft insurance and identity restoration services.

I think that freezing credit and submitting a Form 14039 will provide far more protection than anything the OPM or a commercial service can offer.
User avatar
Blues
Posts: 2501
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: OPM breach and credit freeze

Post by Blues »

DJInvestor wrote:I think that freezing credit and submitting a Form 14039 will provide far more protection than anything the OPM or a commercial service can offer.
Just as a general FYI for those who are interested in availing themselves of this service...the IRS site that enables the online PIN request is down for maintenance from 11/21/15 until an undetermined date in January, 2016. So it will be impossible to request the PIN online until it is reopened.

(The letter from the IRS states, however, that the account has been "marked with an identity theft indicator" so hopefully that offers some modicum of protection in the interim.)
Call_Me_Op
Posts: 9881
Joined: Mon Sep 07, 2009 2:57 pm
Location: Milky Way

Re: OPM breach and credit freeze

Post by Call_Me_Op »

DJInvestor wrote: I decided to go ahead and sign up for MyIDCare, more to go on record that I have done everything offered to me than to have any real expectations that this will provide any useful service.
Bingo. That is the main reason i signed-up.
Best regards, -Op | | "In the middle of difficulty lies opportunity." Einstein
Elysium
Posts: 4120
Joined: Mon Apr 02, 2007 6:22 pm

Re: OPM breach and credit freeze

Post by Elysium »

Blues wrote: (The letter from the IRS states, however, that the account has been "marked with an identity theft indicator" so hopefully that offers some modicum of protection in the interim.)
You mean all accounts that were identified as stolen has been marked with id theft indicator? If so, that makes it very difficult for fraudsters to get a refund, unfortunately what that also means is that such accounts may not receive the refund under the normal schedule, but will likely go through additional scrutiny which may delay refunds.
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: OPM breach and credit freeze

Post by Mudpuppy »

Dieharder wrote:
Blues wrote: (The letter from the IRS states, however, that the account has been "marked with an identity theft indicator" so hopefully that offers some modicum of protection in the interim.)
You mean all accounts that were identified as stolen has been marked with id theft indicator? If so, that makes it very difficult for fraudsters to get a refund, unfortunately what that also means is that such accounts may not receive the refund under the normal schedule, but will likely go through additional scrutiny which may delay refunds.
You always have the option of adjusting your withholdings to minimize the amount of the refund. It is your money after all. Might as well use it for the entire year rather than wait for tax time to roll around to get it back.

If you opt to have a refund in order to get paper I-bonds, then it's just going to take a little more time now. That is of course if the IRS continues to have this option for refunds.
LetItRide
Posts: 50
Joined: Thu Jan 15, 2015 2:36 pm

Re: OPM breach and credit freeze

Post by LetItRide »

Tycoon wrote:Just got my OPM breach letter. How comforting that the author had her information stolen too; it makes it all better. :annoyed
Got my letter last week! I agree with you about how nonchalant this letter was. So what if the author got her info stolen too! Does not make it right that ALL my information got stolen. This information contains EVERYTHING :twisted: . Also, the credit monitoring/protection is for 3 years only. Based on all the information stolen, people are going to need protection forever. This information should have never been on a non-encrypted server ANYWHERE!
User avatar
Blues
Posts: 2501
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: OPM breach and credit freeze

Post by Blues »

Dieharder wrote:
Blues wrote: (The letter from the IRS states, however, that the account has been "marked with an identity theft indicator" so hopefully that offers some modicum of protection in the interim.)
You mean all accounts that were identified as stolen has been marked with id theft indicator? If so, that makes it very difficult for fraudsters to get a refund, unfortunately what that also means is that such accounts may not receive the refund under the normal schedule, but will likely go through additional scrutiny which may delay refunds.
I can't say with any certainty what it means. Only that the wording was present in the letter...
WHY WE'RE SENDING YOU THIS LETTER

Thank you for sending us documents to support your identity theft report. We verified your documents and marked your account with an identity theft indicator.

You have the opportunity to voluntarily opt in to receive an Identity Protection Personal ID Number (IP PIN) to expand protection of your account from tax-related identity theft...
FedGuy
Posts: 1677
Joined: Sun Jul 25, 2010 3:36 pm

Re: OPM breach and credit freeze

Post by FedGuy »

I was hit by both breaches and signed up for credit monitoring from the first. I then froze my credit, and was therefore unable to enroll in the credit monitoring offered for the second breach. I briefly considered unfreezing my credit long enough to initiate the credit monitoring, but then decided not to bother.

I'm seriously pissed at the IRS online PIN request site being down. I'm feeling irrationally exposed on that one.
Elysium
Posts: 4120
Joined: Mon Apr 02, 2007 6:22 pm

Re: OPM breach and credit freeze

Post by Elysium »

If you freeze credit then even the protection service offered cannot be enabled? What exactly do they do? only credit monitoring? If so, credit freeze should solve that problem I guess, since no one can apply new credit or run credit reports.

Also, wondering if some accounts offer more protection than others like 401K plans vs IRA, since 401k plans generally doesnt allow transferring money out easily and are linked to the employer they may offer better protection.
User avatar
Topic Author
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: OPM breach and credit freeze

Post by VictoriaF »

FedGuy wrote:I was hit by both breaches and signed up for credit monitoring from the first. I then froze my credit, and was therefore unable to enroll in the credit monitoring offered for the second breach. I briefly considered unfreezing my credit long enough to initiate the credit monitoring, but then decided not to bother.

I'm seriously pissed at the IRS online PIN request site being down. I'm feeling irrationally exposed on that one.
Do you mean two OPM breaches, or OPM and something else? I was under the impression that there was a single OPM breach, but they are increasing protection with the second letter recommending ID Experts.

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
User avatar
retiredjg
Posts: 54082
Joined: Thu Jan 10, 2008 11:56 am

Re: OPM breach and credit freeze

Post by retiredjg »

There were two OPM breaches. They were announced pretty close together so you might have though it was one.

https://www.opm.gov/cybersecurity/cyber ... incidents/
User avatar
Topic Author
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: OPM breach and credit freeze

Post by VictoriaF »

Thank you! This means that my June 2015, notification was about the "earlier" breach, and my November 2015 notification was about the June breach. I mentally lumped them together, because June was the month of both, the first notification and the second breach.

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
rkhusky
Posts: 17763
Joined: Thu Aug 18, 2011 8:09 pm

Re: OPM breach and credit freeze

Post by rkhusky »

This article lists the various data breaches that might affect Federal workers, but does not include the last one. Note that the credit monitoring service offered for the first OPM breach this year was from CSID.

http://krebsonsecurity.com/2015/06/catc ... pm-breach/
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: OPM breach and credit freeze

Post by Mudpuppy »

[Response to OT comments removed by admin LadyGeek. The post was also removed.]

And Krebs has a good article out today on the difference between credit freezes and credit monitoring in the wake of the OPM breach: http://krebsonsecurity.com/2015/12/opm- ... vs-freeze/

Here's an earlier Krebs article along the same veins: http://krebsonsecurity.com/2015/09/opm- ... onitoring/
Elysium
Posts: 4120
Joined: Mon Apr 02, 2007 6:22 pm

Re: OPM breach and credit freeze

Post by Elysium »

I called up Vanguard to understand what measures they could do to protect the accounts. Most of it are well known to people on this forum, but still re-iterating.

- Online access can be strengthened with 2F authentication and two options to receive security code
- You can select the option to have security code answered every time instead of only when they do not detect a familiar computer
- Security question answer can be changed to something completely unrelated to your personal data.

- There is an option to do a temporary hold on all redemptions but that is limited to a short duration. This is a good option if you are traveling.
- Regarding wire transfers, they require answering of security questions, and will only do to existing bank account.
- Anytime a new bank account is added to the account, notifications are sent to your e-mail address and your home address if you chose that option.
- Any new bank account added will not be allowed to receive money immediately, there is a holding period.
- Any change in home address and e-mail address will generate notifications to old addresses.

I am purposely not disclosing all the specific details such as duration, but most people on this forum know. If you don't you can call and ask.

Vanguard is generally more conservative in executing transactions, that really is somewhat helpful in situations like this. I feel enough safe guards are in place at Vanguard. The only thing would have been to have the ability to freeze wire transfers and ACH indefinitely.
Last edited by Elysium on Wed Dec 02, 2015 3:20 pm, edited 2 times in total.
User avatar
LadyGeek
Site Admin
Posts: 95686
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: OPM breach and credit freeze

Post by LadyGeek »

Please stay focused on the credit aspects. Political conjecture is off-topic (discussed on previous page).

Update: I removed a few OT posts.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
Post Reply