Update on the OPM Data Breaches

houseofrep232wayToday, Chairman Jason Chaffetz (R-UT) of the House Committee on Oversight and Government Reform released a report on the findings of his committee staff regarding the data breaches that the Office of Personnel Management (OPM) announced in June 2015, which disclosed highly personal information of tens of millions of individuals, including millions of current and former federal employees.

The report highlights a timeline of cyber events at OPM, as well as certain actions taken, or not taken, by OPM officials and contractors responsible for the agency’s information technology (IT) infrastructure and personnel information. Binary code

The report also makes a variety of recommendations that include re-prioritizing federal information security efforts and IT management functions; enhancing and modernizing federal web sites, databases, and other IT governance authorities; improving agency contracting and acquisition policies; reducing the use of Social Security numbers to mitigate identity theft; implementing a government-wide cyber workforce strategic plan that includes hiring, pay, and training; and adopting a “zero-trust” IT environment that is based on the concept that “users inside a network are no more trustworthy than users outside a network.”

United States Office of Personnel Management (OPM) logoIn response to the report, both the Committee’s Ranking Member, Elijah Cummings (D-MD) and the Acting Director of OPM, Beth Cobert, have released statements reflecting a difference of opinion about the timing of certain actions and OPM’s and various contractors’ responses.

NTEU’s efforts continue on behalf of our members and their families, who suffered a devastating and unfixable loss of personally identifiable information, to ensure that these individuals receive lifetime credit monitoring and identity theft protection, and to guarantee that this type of cyber data breach doesn’t ever occur again.

This is NTEU CountryThrough legislation enacted last year owing to NTEU’s efforts, OPM is now required to provide ten years of credit monitoring and identity theft protection to affected individuals, and we continue to advocate for lifetime coverage on Capitol Hill. At this time, OPM has not yet disclosed any information or contacted affected individuals about the ten-year extension of the credit monitoring and identity theft protection.

NTEU strongly supports Senator Cardin’s (D-MD) and Representative Eleanor Holmes Norton’s (D-DC) RECOVER Act that would provide compromised individuals with lifetime credit monitoring and identity theft protection (H.R. 3029 in the House; S.1746 in the Senate).

In addition, NTEU continues to pursue its lawsuit, filed on behalf of our members, against OPM, which seeks, among other relief, lifetime credit monitoring and identity theft protection for any NTEU member who received a notice concerning either of the breaches.

I will keep you updated on any further developments regarding these breaches.