Data Breach: What to Do If Clients Are Federal Employees

Karen Schaeffer's clients were not as scared as she thought they should be. News that hackers had broken into a database of federal government employee information had put her on edge but her clients were taking it in stride.

"They weren't really terrified," says Schaeffer, a financial planner who has built her practice around advising federal employees.

But they had good reason to be alarmed. The database that had been compromised includes data on more than 4 million active federal government employees and retirees, including Social Security numbers, job assignments, performance ratings and security clearance applications, although it isn't known yet precisely who was affected by the breach and what data was stolen. "We have to teach our clients to be more diligent," declares Schaeffer, the managing member and co-founder of Schaeffer Financial, which is based in Rockville, Md., and has $140 million assets under management.

Given all the uncertainties, Schaeffer has begun working with her clients to monitor all their accounts for suspicious activity. She worries they may be too complacent, because most of them don't think like the criminals and often fail to realize how vulnerable they may be. So she is teaching them what to check, following up to ensure that they did and, in her words, "giving them gold stars when they do."

Other advisors, even those without federal employees and retirees as clients, may want to take note of her approach, given the rampant nature of the attacks aimed at stealing personal and financial data.

TO-DO LIST FOR HACKING VICTIMS

This to-do list for the potential hacking victims, put together by Schaeffer and other advisors, includes:

  • Guard against phishers by not answering questions posed during unsolicited phone calls.
  • Withhold all personal information until verifying the legitimacy of the requestor.
  • Never click on links embedded in emails.
  • Review all bills closely to make sure that the charges are ones you actually incurred.
  • Consider instructing lenders to disallow additional lines of credit without in-person verification.

Gerald Cannizzaro, who contributed to the list, agrees with Schaeffer's view that potential hacker victims need encouragement to respond effectively. A former federal employee and partially retired financial planner in Reston, Va., Cannizzaro plans to tell his remaining clients that "The best thing people can do is monitor their credit cards." He worries that government-issued cards will be particularly vulnerable.
Both Cannizzaro and Schaeffer are concerned that the hackers, or those who purchase the purloined data, may try and use it to blackmail the victims. “But we don’t know and there is nothing to act on now,” says Schaeffer.

The two financial advisors share an even more personal stake in the affair: They each received letters from the government informing them that their own data may have been compromised by the breach.

As a retired federal worker, Cannizzaro wasn't surprised that he received the notice. But Schaeffer didn't realize until she received the letter that her application to participate in the Transportation Safety Administration's Pre-Check program, which makes it easier to get through airport security, meant that her data had been entered into the compromised database. "Just what I needed," she says.

Miriam Rozen is a reporter for Texas Lawyer who writes about financial planning and services.

Read more:

For reprint and licensing requests for this article, click here.
Practice management Technology Compliance Law and regulation Financial planning
MORE FROM FINANCIAL PLANNING