• OPM may have overestimated cost of ID theft services for cyber breach victims

    The Office of Personnel Management didn’t have a decision-making policy in place to help it decide when and how to offer identity theft and credit monitoring services to victims of the 2015 cyber breaches. More than a year later, the agency still doesn’t have a plan.

  • In its final days, confusion reigns over OPM credit monitoring contract

    The Office of Personnel Management and its contractor, Winvale/CSID, can’t agree on just how many people need to re-enroll with a new vendor to keep credit monitoring and identity protection services, and they haven’t yet finalized a plan to smoothly transition those victims to the new service provider, ID Experts.

  • OPM says fewer cyber breach victims need to re-enroll in credit monitoring services

    The Office of Personnel Management said it’s notifying about 100,000 to 150,000 cyber breach victims enrolled in credit monitoring services with Winvale/CSID that their coverage will soon expire.

  • OPM updates cybersecurity site with more user friendly resources

    The Office of Personnel Management hopes a redesigned FAQ section will make it easier for victims of the two cyber breaches to access online information on how to protect themselves. OPM also sent a letter to those impacted by the breach, highlighting the work that’s been done to strengthen credit monitoring and identity theft insurance in the year since the breaches were announced.

  • Lawmaker turns up heat on OPM CIO after cyber contract missteps

    Rep. Jason Chaffetz (R-Utah) is calling for the removal of the Office of Personnel Management’s CIO Donna Seymour, after the agency’s Office of Inspector General found that the Office of Procurement Operations mismanaged a contract it awarded for identity and credit monitoring services for early victims of the cyber breach.

  • OPM’s first credit monitoring contract had ‘significant deficiencies,’ says IG

    A new report from the Office of Personnel Management’s Inspector General found the agency’s Office of Procurement Operations did not comply with policies and procedures for the first identity monitoring services contract. The IG also laid out a list of top management challenges OPM is facing, including information security and authorization.

  • GSA delays contract for services to protect OPM hack victims

    The Navy’s Naval Sea Systems Command will be in charge of hiring a contractor to provide identity-protection services to victims of the breach on the Office of Personnel Management’s background-investigation database. NAVSEA will issue an RFQ early next week. GSA was supposed to send it out this week.

  • OPM’s plan to ‘pass-the-hat’ to pay for data breach services draws ire

    UPDATED: Agencies with the largest percentage of security clearances, such as DoD, DHS and VA, will end up shouldering a huge part of the burden to pay for the credit monitoring services for 21 million current and former federal employees impacted by the second data breach. AFGE and federal officials are angered after acting OPM Director Beth Cobert tells agencies about OPM’s plans to raise its fees for security clearance services it provides in order to recoup the costs of the identity protection services it must purchase for the victims of the attack.

  • Companies hired to help OPM breach victims aim for second contract

    Winvale and its subcontractor CSID want to bid on the larger contract to help the 21.5 million people affected by the breach of OPM’s security-clearance database, Winvale CEO Kevin Lancaster said.

    “We’d absolutely go again for it. We have capacity,” he said. “We’ve got the right solutions, the right lessons learned from this one.”

    Not everyone is convinced.

  • Kevin Lancaster & Joe Ross: What you get with OPM’s identity protection plan

    Millions of federal employees are finding out their personal data was stolen from the Office of Personnel Management. OPM hired two companies to provide credit and identity theft protection. But Winvale and CSID caused controversy with slow phone response and e-mails that looked like phishing. Winvale CEO Kevin Lancaster and CSID founder Joe Ross joined Tom Temin on the Federal Drive with their side of the story, and tips for what to do when your information is taken.