Victims of 2015 government data breaches need more information about the status of their credit monitoring and identity theft insurance once the contracts for those services expire next month, said Tony Reardon, president of the National Treasury Employees Union.
Reardon last week has asked Office of Personnel Management Acting Director Margaret Weichert to explain the process for continuing this important coverage for millions of people affected by the data breaches, including federal employees and retirees.
In a letter delivered to OPM on Tuesday, Reardon cited the NTEU-supported law that requires OPM to provide coverage to the victims for 10 years, through Fiscal Year 2026.
Millions of people who had their personal information stolen in the OPM data breaches enrolled in free credit monitoring and identity theft insurance provided by the government.
“Given that the expiration of the contracts is set for next month, I am writing to request information about the plan for providing these services past December, the number of current enrollees to be transitioned, and what plans OPM has in place to notify impacted individuals, especially if a new provider is selected and individuals are required to reenroll for services,” Reardon wrote.
Federal employees give OPM extensive personal information as a condition of their employment and do so on the explicit promise that OPM will keep that information confidential. OPM, despite that promise, ignored warnings year after year from its own internal watchdog about its dangerously deficient IT security, leading to the theft of the private information of more than 21 million people.
Earlier this month, NTEU argued in court that its lawsuit against OPM should be allowed to proceed in order to force OPM to take the necessary steps to secure its data and to provide lifetime credit monitoring and identity theft protection for NTEU members affected by the breaches.
The text of NTEU’s letter to OPM is below:
November 13, 2018
The Honorable Margaret Weichert Acting Director
U.S. Office of Personnel Management 1900 E Street, NW
Washington, DC 20415
Dear Acting Director Weichert:
I am writing in regard to the credit monitoring and ID theft services provided to the 21.5 million individuals impacted by the 2015 background investigations cyber incident as well as the 4.2 million impacted by the 2015 personnel records cyber breach at the Office of Personnel Management (OPM). According to section 632 of Division E of the Consolidated Appropriations Act of 2016, Public Law No. 114-113, OPM is required to provide impacted individuals coverage for a period not less than 10 years, lasting through Fiscal Year 2026, and must also provide not less than $5 million in identity theft insurance.
As you know, the contracts for the services provided by ID Experts for individuals impacted by the 2015 cyber incidents are set to expire in December 2018. In 2016, OPM stated that approximately 2.4 million individuals had enrolled for services stemming from the background investigations incident and 1 million had sought services owing to the personnel files data breach. Given that the expiration of the contracts is set for next month, I am writing to request information about the plan for providing these services past December, the number of current enrollees to be transitioned, and what plans OPM has in place to notify impacted individuals, especially if a new provider is selected and individuals are required to reenroll for services.
OPM has a responsibility to protect the information of its employees, both current and former, as well as their families. Federal employees and their families continue to be greatly concerned about the potential harmful effects of such sensitive information being accessible. I look forward to hearing from you on your efforts in this matter.
Anthony M. Reardon, National President