Patrick Munro knew the letter might be coming, but it still ticked him off.

A “malicious cyber intrusion” at a federal agency had resulted in the theft of his Social Security number and other private information he had provided during his 26-year Army career.

The letter Munro received last month was signed by Beth Cobert, acting director of the U.S. Office of Personnel Management (OPM), and said, “As someone whose information was also taken, I share your concern and frustration. … ”

Indeed, plenty of people can share the sentiments of Munro and Cobert. What’s been described as the worst breach of government data in history affected an estimated 21.5 million people, many of whom have gotten identical letters in recent weeks, confirming their fears.

Munro expressed his frustration to both of Minnesota’s senators.

“I spent a quarter century of my life protecting this country,” said Munro, 51, who runs a landscaping business and lives in Princeton, Minn. “I don’t feel like I’ve been protected.”

The data breach has been a subject of conversation at local meetings of the National Active and Retired Federal Employees Association.

“Everybody’s upset about it, of course,” said Delores Petersen, a retired Social Security employee who leads the association’s Northwest Suburbia-Twin Cities chapter. “All of our personal information, including Social Security numbers, are up for grabs from whoever did this.”

Just when it seemed like no one could top the breach of credit card data at Target and other big companies, along came the still unidentified Chinese hackers whose burglary threatens national security.

The breach discovered in April involved personnel data from 4.2 million current and former federal employees. The second one, detected in June, involved 21.5 million people who were the subject of federal background investigations for security clearances, job applications and the like. The stolen data from the second breach included Social Security numbers, information from interviews and fingerprints.

“Federal experts believe the ability to misuse fingerprint data is currently limited,” the agency wrote to the 5.6 million people whose fingerprints are now in the hands of the thieves. “However, this could change over time as technology evolves.”

The thefts came after unheeded warnings about the agency’s weak security. Cobert took over the agency after the previous director, Katherine Archuleta, abruptly resigned in July under pressure.

Her departure hasn’t ended the controversy. OPM has offered three years of credit monitoring and identity theft protection to anyone affected by the breach. In their rush to award a $20 million contract for those services, however, the agency violated procurement rules and triggered calls from Congress for the firing of its chief information officer.

Minnesota’s U.S. senators offered to help those affected by the breach get access to the services set up to protect them.

“Senator Franken shares his constituents’ concerns about the OPM breaches that compromised millions of Americans’ personal information earlier this year, and he understands their frustration in navigating the path forward,” said Ed Shelleby, Franken’s deputy chief of staff.

Sen. Amy Klobuchar echoed those sentiments, and “also believes we must focus on identifying and holding accountable those responsible for cyberattacks, while also taking stronger steps to secure both our government and private sector networks so that these attacks can be prevented in the future,” said Ben Hill, state director for Klobuchar.

It’s still unclear how much damage has been inflicted by the OPM thefts. But it’s sure to erode whatever confidence people have left that big government and big corporations can protect their privacy.

On Dec. 11, the agency announced that it had contacted 93 percent of those affected by the breach. There are another million-plus individuals they cannot find.

Perhaps they should ask the hackers to do it for them.

 

Contact James Eli Shiffer at james.shiffer@startribune.com or 612-673-4116.