Weeks after the federal government began sending snail mail notifications to the 21.5 million victims of the Office of Personnel Management breach, the Department of Defense proposed creating a hack victims database.
The Pentagon's proposed database, the Defense Manpower Data Center, would store the information in a holding file, according to an Oct. 14 Federal Register notice.
"The information collected will be used only to verify whether or not an individual was impacted by the OPM cybersecurity incident involving background investigation records and to send a letter confirming status as 'impacted' or 'not impacted' by this incident," the proposal stated.
Breach victims are already receiving automatic identity theft insurance coverage and identity restoration services. The government is also encouraging victims to enroll in additional, free services, and has delivered notices containing a PIN number, which victims must use to enroll in the covered services.
The Defense Manpower Data Center would retain collected information until the end of the service contract period on Dec. 31, 2018. This would allow employees, retirees and contractors who lose or never receive PIN numbers to use the portal and allow the help desk to determine their eligibility for services throughout the entire contract period.
Earlier this month, the U.S. government began officially notifying victims of the larger breach via mail.
"The letters being mailed to those affected by this incident will describe the comprehensive suite of identity theft protection and credit monitoring services that will be provided for at least three years, at no cost, to impacted individuals and to their dependent minor children," OPM Acting Director Beth Cobert said in an OPM blog post. "An impacted individual is someone whose personal information, including Social Security number, was stolen."
News of the massive breaches began in April 2015, when the OPM discovered a separate but related incident involving personal data stolen from 4.2 million current and former federal government employees.
Then, in June 2015, while investigating the prior event, the OPM discovered an additional compromise of background investigation records belonging to 21.5 million current, former and prospective federal employees and contractors.
As part of the government's effort to notify individuals affected by the theft of background investigation records, the OPM and Department of Defense analyzed impacted data to verify its quality and completeness.
During that process, it was discovered that the number of individuals with stolen fingerprints stood at 5.6 million, not 1.1 million as previously thought.
Stu Sjouwerman, founder/CEO of the Clearwater, Fla.-based cybersecurity firm KnowBe4, noted this is a classic case of reacting after the horse is out of the barn, and is compounded by building a new barn that also might be hacked.
"Moreover, how on earth can they confirm the individual was not impacted?" Sjouwerman asked. "The data stolen is often valid for a lifetime."
After announcing the first breach in June, the OPM reportedly spent more than $20 million to notify affected individuals and provide them with identity protection services. Government personnel, however, complained of website crashes and multi-hour call center waiting times when they called to get basic information.
Some victims also complained that the notifications looked like malicious emails, came from a dot.com email address and contained a link to a commercial website. This time, email notifications will come from either a dot.mil or dot.gov address.