Friday, March 11, 2016

Jump through these hoops, please

I received a letter from the Office of Personnel Management of the US Government.  My information, in addition to thousands of others, had been hacked.  (Let's hope the same security system is not used on our missile sites.)  They promised that we could have credit monitoring to take care of this.

Most would agree.  If you f* up, fix it.  Fix it quickly.  And make sure you don't f* up the repair.  And since citizens were now faced with the danger of identity theft, make sure you don't punish the victims.

But OPM doesn't understand.

The letter has me log onto a website and enter a 25 digit number.  It didn't accept it.  I did this three times, each time getting an "Invalid PIN" error.  Did this mean I screwed up?  Did someone get my PIN and already apply?

There was a phone number to call.  I called, and someone said that thousands of PINs were invalid.  He then told me to call ANOTHER number.

(He actually said "PIN Number."  That's "Personal Identification Number Number."  Perhaps from the Department of Redundancy Department?)

I called the next number and went through a phone tree.  One option was the "Invalid PIN."  I selected that.  The woman who answered the phone asked why I called.  

She proceeded to ask several questions, and required that I read and re-read the 25 digit number to her several times and have her read it back to me.  She then read multiple "statements" (blame the lawyers) word for word and I had to state that I understood them.

Finally, she said I'd get a NEW letter with a NEW PIN in 2-4 weeks.  Uh, the technology exists to press a "submit" button and have a letter generated immediately.

Better yet, it's now over 13 weeks and still no letter.

So, let's ask a few questions.


  1. Why not sign people up automatically?
  2. Why in the world would I need a 25 digit PIN?
  3. Your system knew I had the wrong PIN (due to your error).  So it had to compare my PIN to my Social Security Number.  You had my address on file.  So you should have:
    1. Known WHO was sent bad PINs.  You should have sent a new letter as soon as you knew there was a problem.
    2. Allowed me to generate a new PIN myself, sent to the address on file.
  4. Why tell me to call a phone number when it wasn't the correct one?  
  5. Why not transfer me to the right group rather than have me call a new number?
  6. If I select "BAD PIN" from the menu, why ask why I called?
  7. If I'm already in danger of identity theft, why are you sending out letters in a 2-4 week period AFTER I'm trying to sign up and find you sent me the wrong PIN?
  8. And why haven't I gotten the PIN after over two months?


So the way the OPM treats the (potential) victims of their f* up is to place the onus on the (potential) victims to initiate protection.  Then, make the process dysfunctional and complicated.  Then once people go through the Process to fix the broken Process to fix the security leak, drop the ball.

Why do I have this image of a cat playing with a mouse?
