Personnel records data breach

Who’s affected: 4.2 million current and former federal employees

What was stolen: Personally identifiable information including your name, Social Security number, date and place of birth, current and former addresses, job assignments, training records, and benefit selection decisions

OPM response: Provide affected individuals with 18 months of free credit monitoring and $1 million in liability insurance

AFGE’s demand: Free lifetime credit monitoring and liability insurance that covers the entirety of any loss attributable to the breach

Legislation: 'The RECOVER Act' was introduced by Senator Cardin (MD) and Representative Norton (DC) to provide complimentary, comprehensive identity protection coverage to all individuals whose personally identifiable information was compromised during recent data breaches at Federal agencies. Read more.

Background investigation data breach

Who’s affected: 21.5 million individuals, including 19.7 million applicants and 1.8 million non-applicants (primarily spouses or co-habitants)

What was stolen: Social Security numbers, employment and education history, current and former home addresses, passwords used for completing federal employment suitability forms online, findings from interviews conducted by background investigators, and fingerprints for about 1.1 million people

OPM response: Provide affected individuals with 3 years of free credit monitoring and an undisclosed amount of liability insurance 

AFGE’s demand: Free lifetime credit monitoring and liability insurance that covers the entirety of any loss attributable to the breach

Latest Updates

Organizing Toolkit
Use these materials to organize and mobilize members:

AFGE's Politico Ad 

AFGE placed a full-page ad in Politico, calling on the Office of Personnel Management to detail the scope of the massive data breach and provide more assistance to those affected.

AFGE remains frustrated by the lack of information being provided by OPM on the number of current, retired and prospective employees whose information was stolen during two recently announced intrusions into its computer systems. OPM also has not detailed what information was stolen, leaving millions of employees anxiously waiting for answers.
Click here to read the full press release.

What is AFGE doing?

Information on the Class Action Lawsuit

  • AFGE has filed a lawsuit alleging that Office of Personnel Management’s leadership failed to heed warnings, obey security policies and are liable for one of the largest data breaches in U.S. history. Read our release here.
  • If you're a current or former federal employee or retiree, you will be automatically covered by the lawsuit.
  • If you want to talk to someone about the lawsuit or have additional questions, please visit or send an email to[email protected].

Other Activities AFGE is taking on the Data Breach

  • AFGE will demand accountability and will take every necessary step to see that the interests and security of the nearly 700,000 people we represent are addressed.
  • AFGE is working closely with OPM to identify the extent of the breach and ensure that every possible measure to remediate and further protect member information is taken to the fullest.
  • AFGE is demanding employees be granted administrative leave during the work day to register for credit monitoring and fraud protection services and deal with any other fallout resulting from the data breach.
  • AFGE is demanding lifetime credit monitoring services for all federal employees. 
  • Keeping the membership informed with the latest updates on the breach via our website, email and social media.

Important Documents

How do I know if I've been affected?

OPM will alert affected employees with a letter like this one. OPM is providing comprehensive, 18-month membership for credit monitoring services and $1 million identity theft insurance through CSID, a company that specializes in identity theft protection and fraud resolution.  All potentially affected individuals will receive a complimentary subscription to CSID Protector Plus for 18 months.

A PIN code will be transmitted either by email or letter to affected individuals. However, an individual can contact CSID by calling toll-free 844-777-2743 (International callers: call collect 512-327-0705). If an individual provides certain information to CSID, CSID will be able to provide the person’s PIN if the person calls the call center. The PIN will help an individual access the CSID website which will provide information on whether the employee has been impacted and information for registering for the identify theft coverage.

OPM Information Security Tips

Steps for Monitoring Your Identity and Financial Information

  • Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
  • Request a free credit report at or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax®, Experian®, and TransUnion® – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website.
  • Review resources provided on the FTC identity theft website. The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
  • You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion® at 1-800-680-7289 to place this alert. TransUnion® will then notify the other two credit bureaus on your behalf.

Precautions to Help You Avoid Becoming a Victim

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about you, your employees, your colleagues or any other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Do not send sensitive information over the Internet before checking a website’s security (for more information, see Protecting Your Privacy.
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (for more information, see Understanding Firewalls; Understanding Anti-Virus Software; and Reducing Spam. 
  • Take advantage of any anti-phishing features offered by your email client and web browser.
  • Employees should take steps to monitor their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center. 
  • Additional information about preventative steps by consulting the Federal Trade Commission’s website, The FTC also encourages those who discover that their information has been misused to file a complaint with the commission using the contact information below.

SUBSCRIBE Latest news & info

AFGE Events

Event Calendar is for Members Only. Please Log In to see our calendar of events.