National Consumers League

NCL calls on Congress to move forward on data security agenda in wake of OPM data breach

June 12, 2015

Contact: Carol McKay, NCL Communications, (412) 945-3242,

Washington, DC - In response to reports that a data breach at the Office of Personnel Management (OPM) may have affected as many as 14 million current and former federal government workers and federal retirees, the National Consumers League (NCL) is urging Congress to move forward on legislation that increases data security requirements for federal agencies and the private sector alike. NCL has also released tips for those affected to remain vigilant against possible spear-phishing attacks and take steps to protect their identities.

“The OPM hack is yet another symptom of the failure of Congress to move forward on comprehensive data security legislation,” said John Breyault, NCL vice president of public policy, telecommunications and Fraud. “While Congressional legislation will not result in perfect data security protection, it can create an important baseline of consumer protection from malicious data breaches. In the face of large-scale breaches at organizations like OPM and smaller breaches as thousands of small businesses, Congress needs to act sooner, rather than later.”

While consumers wait for more robust data protections to come out of Washington, affected current, former, and retired federal workers should take steps to reduce their risk of identity theft. Such steps can include:

  • Check credit reports. Affected workers should visit to check their credit reports from the major credit reporting bureaus. Look for suspicious activity like recently-opened accounts you don’t recognize and dispute them as suspected fraud with the credit reporting bureau.

  • Beware of spear-phishing emails and phone calls. OPM has announced that it will be sending most breach notifications by email from the email address. That email will include the worker’s name and a PIN to enroll in credit monitoring and identity theft protection from identity and fraud protection firm CSID. Phone calls where the caller identifies herself as a representative of OPM are likely a scam. Consumers can also enroll directly in the CSID program online here.

  • Place fraud alerts on credit reports. Consumers should request a free 90-day fraud alert with each of the major credit reporting bureaus. A fraud alert requires businesses to verify an applicant’s identity before credit is provided to an applicant.

  • Take advantage of credit monitoring and identity theft protection. OPM is offering free credit monitoring and identity theft protection and mitigation services to affected employees via CSID. While these services won’t prevent all instances of identity theft, they can be helpful in reducing risk. More information is available here.

  • Mark calendars to file taxes early in 2016. The information reportedly compromised in the OPM breach can be used by cyberthieves to file fraudulent tax returns. Filing early in the tax season (instead of closer to the filing deadline) can help prevent this type of identity theft.

  • Contact banks and credit card companies. Affected workers’ banks may recommend reissuing credit and debit cards and changing checking and savings account numbers. Get in touch with these financial institutions to find out if such actions are necessary. Also, closely monitor monthly statements and dispute any suspicious charges.

  • Update passwords. Changing passwords on online accounts (mail, social media, financial services), particularly if the account is associated with an official .gov email address, can help reduce the risk of account takeover fraud. Tips on creating stronger passwords are available from


About the National Consumers League

The National Consumers League, founded in 1899, is America's pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit