The Defense Information Systems Agency awarded a $1.8 million contract to Advanced Onion Inc. to help find and notify the 21.5 million Office of Personnel Management cyber breach victims.
The defense and intelligence based tech company will build a website that helps users check if they’ve been affected by the hack by cross checking personal data by securely logging into a site run by the Defense Manpower Data Center (DMDC).
“The contractor shall provide website development support to enable a self-service, user friendly, public website managed on the DMDC infrastructure,” the notice said. “Personnel will be able to securely provide personal identifiable information (PII) in order to investigate their eligibility without calling a government call center.”
Under the one-year contract, Advanced Onion also will build a system that tracks notification emails that have bounced back from accounts and log why they were returned.
“The contractor shall develop, test and implement procedures to handle the processing of returned mail,” the notice said. “Trained analysts will manually process forms by scanning the quick response code on each mailing in order to record the reason for return. A database will be developed in order to capture and track the information. Individuals who believe they may have been affected by the breach, but have not received notification will be able to manually complete a form to submit to the government verification service provider, who will process each form and take action as necessary.”
The email logging system will go live on Oct. 9, and the website is scheduled to launch Nov. 17.
NextGov first reported the contract award.
DISA released a Justification and Approval notice detailing the award to Advanced Onion without competition. In the J&A, DISA said Advanced Onion was the only competing contractor with all the resources the agency was asking for.
“There were small businesses that could potentially perform pieces of the work, however, it is unlikely that any other contractor could perform the entire requirement within the compressed time frame necessary,” the document stated.
Qualifications for the contract included having Top Secret facility clearance, a comprehensive understanding of the DMDC infrastructure and the know-how for operating the Defense Department’s hardware and software for OPM data analytics.
DoD and OPM have been working together since the second major breach was made public in July. The Naval Sea Systems Command awarded a $133 million contract to ID Experts for identity protection services. OPM said in July notifications to victims of the second, larger data breach would go out at the end of September. Based on this contract to Advanced Onion, mailings should begin shortly.
More from Federal News Radio:
After OPM cyber breach, what’s the next step for agencies?