Dealing with OPM's security failure

If you are like me and the other 21 Million Americans whose data was part of the OPM breach, you are probably wondering what you can do about it. There are countless services out there for protecting you against identity theft. Some of them have some merit. Others do not. Mostly, all they can do is monitor your credit and hope to catch something soon AFTER it happens. But how about preventing it from ever happening? Not likely.OPM FAIL!

The biggest risk from the loss of the OPM data is phishing and social engineering. The information in your background investigation makes it easy to craft emails making you think the originator is someone you know or trick someone else (like your bank or credit card company) into believing they are you. That latter issue is the one I would like to address here. (Look for ways to avoid phishing scams to address the other.)

Think about the similarities between the questions on a background check and the questions your bank asked you the last time they wanted to verify your identity.  So what is the best defense against this type of attack? Simple, don’t use the information from your background investigation. Make up a completely new past. If you have ever thought of disappearing and reinventing yourself and your past, now is the time. Think of all the questions you might be asked to verify your identity and make up false information for all of them. Store the answers to those questions someplace secure. Where is the best place? On a piece of paper in a safe locked in the bottom of your closet. You could also store them in an encrypted file, or as a note in an encrypted cloud service such as Lastpass. (Yes. I trust Lastpass. Not sure about any of the other similar services though.)  To get you going, here are just a few of the data points you should include answers to:

  • Your birthday
  • Your children's names
  • Your sibling's names and ages
  • The street you grew up on
  • Your high school
  • Your high school mascot
  • Your first dog's name
  • Your first car
  • Your Mother’s maiden name
  • Your Grandparents names
  • Your parent’s full names
  • You children's birthdays
  • Your childhood best friend
  • Where you met your spouse
  • Where you got married


And anything else a bank or other entity has ever asked you to verify your identity.

Now that you have created your new background, log in to your bank accounts and other important accounts, and update that information with your newly created (and very secret) past. The sooner the better. If you are married, it's a good idea to do the same for your spouse. Since your background investigation could reveal a great deal about your spouse as well. 

Have some other questions you’ve been asked, please include them in the comments.