Create Your Account

Welcome to the MyIDCare registration site. Please complete the form below to create and access your account.

Fields marked with an asterisk (*) are required.

Important – Please use the PIN code in the top right hand corner of your letter to enroll yourself and your dependents.

For Spouse or Partner, please use the Spouse/Partner PIN code under your PIN code. This will confirm your Spouse or Partner will receive the same protection services as you.

Pin Code

Enter Info

The following personal information, including a valid U.S. address, is required to verify your identity and activate your monitoring services. Valid U.S. addresses may include those in the 50 states and U.S. territories, and overseas military bases. If you’re eligible for coverage, but don’t have a current U.S. address, please provide the most recent one associated with your credit file.
 

Create Account

Create your account login information below. Your email address and password will be used to access your account on an ongoing basis.
Processing...

About the DHHS System Vulnerability & Identity Pretection Services

Expand All
What happened?

On September 20, Corps officers discovered that unauthenticated users could access personally identifiable information (PII) in the Commissioned Corps Management Information System (CCMIS), which is used to manage human resources functions and payroll. They reported the issue to Commissioned Corps Headquarters (CCHQ), and leadership promptly disabled the website and launched an investigation with privacy and risk analysis professionals from across the Department and government to determine the details of the vulnerability. Consistent with law, the Department gathered relevant facts and informed Corps officers and Congress on October 3.

Based on the investigation, we see no evidence that unauthenticated users could have accessed information other than names, dates of birth, and Social Security numbers. We are not able to determine whether unauthenticated users other than the Corps officers who reported the issue accessed this information. Following the investigation, we made technical fixes to the system and rigorously tested those fixes. On November 18, CCMIS was safely restored and remains available for officers’ use.

On December 12, the Commissioned Corps announced that while we are not aware at this time of any misuse of information in the CMMIS system, in an abundance of caution we are providing affected individuals, including affected dependents, the option to enroll in credit monitoring, identity monitoring, identity theft insurance, and identity restoration services for three years through ID Experts, a company that specializes in identity theft protection. Affected individuals may enroll in these services beginning in December 2016.

Who is affected?

The issue relates to an application on a website that exclusively serves the Commissioned Corps and their unique needs, and the database contains Personally Identifiable Information (PII) information related to current, retired, and former Commissioned Corps officers and their dependents.

When did this happen?

On September 20, Corps officers reported the system vulnerability to Commissioned Corps Headquarters (CCHQ), and leadership promptly disabled the website and began to investigate. On November 18, CCMIS was safely restored and remains available for officers’ use. While we are not aware at this time of any misuse of information in the CMMIS system, in an abundance of caution we are providing affected individuals, including affected dependents, the option to enroll in a suite of identity protection services for three years beginning in December 2016.

What personal information was exposed?

We have confirmed that unauthenticated users could access names, Social Security numbers, and dates of birth, but we see no evidence that unauthenticated users could have accessed any additional information. We are not able to determine whether unauthenticated users other than the Corps officers who reported the issue to us accessed this information.

Is the system now secure?

Since we disabled the CCMIS website in September, we have been working to make technical fixes to the system and rigorously test those fixes. Following these fixes and testing, we are satisfied that the system has the security measures in place to safely restore access to CCMIS. We sincerely appreciate your patience while we worked to secure the system and bring it back online.

How many people are involved?

This issue affects current, retired, and former Commissioned Corps officers and their dependents, which is approximately 40,000 people.

Why didn't you tell affected individuals about the system vulnerability or offer identity protection services sooner?

Upon learning about the system vulnerability, we promptly disabled the website and began to investigate to determine the details of the vulnerability. Consistent with law, the Department gathered relevant facts and on October 3 informed Congress as well as Corps officers for whom we have current email addresses on file. We worked as quickly and thoroughly as possible to gather the relevant information, identify the affected individuals, securely bring the system back online, and secure a contract for providing identity protection services.

What is the deadline for registering for the pre-paid package of identity protection services?

November 22, 2019

Has my personal information been misused

At this time, we are not aware of any misuse or attempted misuse of your information.

What steps are you taking to protect affected individuals, including dependents?

While we are not aware at this time of any misuse of your information, in an abundance of caution we are providing affected individuals, including affected dependents, the option to enroll in a comprehensive suite of identity theft protection and monitoring services at no cost to you.

For three years beginning in December 2016, affected individuals may enroll in credit monitoring, identity monitoring, identity theft insurance, and identity restoration services through ID Experts, a company that specializes in identity theft protection.

We hope you will enroll in these credit and identity monitoring services. Beginning December 12, 2016, ID Experts will mail notification letters to the mailing addresses we have on file for affected individuals. These letters will include instructions for enrolling in services either online or by phone.

Please note that HHS and ID Experts will not contact you to confirm any personal information. If you are contacted by anyone asking for your personal information in relation to this incident, do not provide it.

Is this issue different from breaches of government data sources such as OPM?

Commissioned Corps Headquarters (CCHQ) has confirmed that unauthenticated users could access personally identifiable information (PII) in the Commissioned Corps Management Information System (CCMIS), which is used to manage some human resources functions and payroll for the Commissioned Corps. We have confirmed that unauthenticated users could access names, Social Security numbers, and dates of birth, but we see no evidence that unauthenticated users could have accessed any additional information. We are not able to determine whether unauthenticated users other than the Corps officers who reported the issue to us accessed this information. If you have questions about the OPM breach, please visit www.opm.gov.

Does this issue affect the Direct Access system as well?

We are not aware of any evidence that the issue affecting the Commissioned Corps Management Information System (CCMIS) impacts the Direct Access system managed by the U.S. Coast Guard. The issue relates to an application on a website that exclusively serves the Commissioned Corps and their unique needs, and the database contains information related to current, retired, and former Commissioned Corps officers and their dependents.