More than 1,100 WPS workers affected by government breach
More than 1,100 current and former WPS Health Solutions workers are receiving notices this month that their personal information was exposed in the federal government’s massive data breach earlier this year. The information that was exposed included Social Security numbers, dates and places of birth, and addresses.
A company spokesman confirmed that anyone currently or formerly at WPS who had a background check completed by the Office of Personnel Management in 2000 or later is affected by the cyberattack on the OPM database.
“Oh, it is stressful knowing that this information is out to a third party, that the information was in the federal government database and it now is in the hands of other individuals or another country. This is going to be in our minds for a long time,” said Chris Morey, a former WPS employee who received a letter from OPM informing him his information had been taken.
WPS serves as a contractor for the Department of Defense for military health claims, which requires many of its staff members to undergo federal background checks before they’re hired.
“As someone whose data was stolen as part of this breach, I want to emphasize that the OPM data breaches did not affect any internal personal records at WPS,” said Mark Schafer, senior director of enterprise IT security at WPS. “Our internal systems were not compromised.”
In a statement to News 3, Schafer said the company had been “proactive in notifying employees about the federal data breach” since June. It posted numerous articles on its internal website and alerted workers about the identity protection services offered by the federal government at no charge to those affected by the breach. He also said WPS warned its employees not to mistake the OPM letter offering free credit monitoring services for the next three years as junk mail.
However, the company did not notify former workers who have also been receiving the letters from OPM alerting them to what happened. The information of spouses and dependent children, which may have been listed on background investigation forms, was also compromised, making the number of people affected by the breach who are or were connected with WPS more than the 1,150 currently estimated by the company.
“The credit reporting, if this company is correct, I believe they will do credit reporting for three years. OK, well after three years the information is still out there in the public or with whoever has it. So what happens after three years?” Morey said.
Mike Masino, an information security expert with Madison College, said the breadth of the information taken will require enhanced monitoring.
“With this you really have to go a lot more in-depth with what you are going to do to defend yourself because now they’ve got all the information needed to get loans and take money out of accounts and all of that. They know all that information about you,” Masino said.
The federal government has said that the Social Security numbers of more than 21 million people were stolen in the cyberattack.