The Office of Personnel Management didn’t have a decision-making policy in place to help it decide when and how to offer identity theft and credit monitoring services to victims of the 2015 cyber breaches. More than a year later, the agency still doesn’t have a plan.
The Office of Personnel Management and its contractor, Winvale/CSID, can’t agree on just how many people need to re-enroll with a new vendor to keep credit monitoring and identity protection services, and they haven’t yet finalized a plan to smoothly transition those victims to the new service provider, ID Experts.
The Office of Personnel Management said it’s notifying about 100,000 to 150,000 cyber breach victims enrolled in credit monitoring services with Winvale/CSID that their coverage will soon expire.
The Office of Personnel Management hopes a redesigned FAQ section will make it easier for victims of the two cyber breaches to access online information on how to protect themselves. OPM also sent a letter to those impacted by the breach, highlighting the work that’s been done to strengthen credit monitoring and identity theft insurance in the year since the breaches were announced.
Rep. Jason Chaffetz (R-Utah) is calling for the removal of the Office of Personnel Management’s CIO Donna Seymour, after the agency’s Office of Inspector General found that the Office of Procurement Operations mismanaged a contract it awarded for identity and credit monitoring services for early victims of the cyber breach.
A new report from the Office of Personnel Management’s Inspector General found the agency’s Office of Procurement Operations did not comply with policies and procedures for the first identity monitoring services contract. The IG also laid out a list of top management challenges OPM is facing, including information security and authorization.
The Navy’s Naval Sea Systems Command will be in charge of hiring a contractor to provide identity-protection services to victims of the breach on the Office of Personnel Management’s background-investigation database. NAVSEA will issue an RFQ early next week. GSA was supposed to send it out this week.
UPDATED: Agencies with the largest percentage of security clearances, such as DoD, DHS and VA, will end up shouldering a huge part of the burden to pay for the credit monitoring services for 21 million current and former federal employees impacted by the second data breach. AFGE and federal officials are angered after acting OPM Director Beth Cobert tells agencies about OPM’s plans to raise its fees for security clearance services it provides in order to recoup the costs of the identity protection services it must purchase for the victims of the attack.
Winvale and its subcontractor CSID want to bid on the larger contract to help the 21.5 million people affected by the breach of OPM’s security-clearance database, Winvale CEO Kevin Lancaster said.
“We’d absolutely go again for it. We have capacity,” he said. “We’ve got the right solutions, the right lessons learned from this one.”
Not everyone is convinced.
Millions of federal employees are finding out their personal data was stolen from the Office of Personnel Management. OPM hired two companies to provide credit and identity theft protection. But Winvale and CSID caused controversy with slow phone response and e-mails that looked like phishing. Winvale CEO Kevin Lancaster and CSID founder Joe Ross joined Tom Temin on the Federal Drive with their side of the story, and tips for what to do when your information is taken.