Army thought OPM hack email was cyberattack

The Army flagged a legitimate notification email as a potential cyberattack in the wake of the Office of Personnel Management (OPM) data breach that exposed more than 22 million government employees' data.

The email in question came from CSID, the contractor hired to notify and provide credit monitoring services to the 4.2 million people affected by the first of two intrusions, news website The Intercept reported. It asked recipients to enter personal information into a non-government website’s form.


The Army issued a bulletin warning people that cyber crooks had launched an email phishing campaign targeting victims of the breach. The department’s spam filters blocked many of CSID's emails, delaying identity fraud protection services to victims of the data breach.

After investigators realized the email was legitimate, they adjusted the spam filters.

The confusion illustrates the struggles the OPM has faced since revealing the breach. Agencies have struggled to coordinate with one another and with employees affected by the hack.

The initial notifications came from the email address opmcio@csid.com, confusing employees who were expecting a dot-gov address.

Cyber crooks also tried to capitalize on the knowledge that the government was reaching out digitally, sending imitation emails to lure victims into giving up their personal details.

The Defense Department even temporarily suspended notifications to its employees until a “more secure notification and response process can be put in place,” according to the agency.

The OPM is hoping to apply these lessons during its upcoming round of notifications to the victims of the agency's second hack, which compromised another 21.5 million people’s background investigation data.

OPM officials have said they want to take the time to carefully coordinate among all federal agencies before they start notifying people. The process, they said, could take several weeks.