Senator Mark Warner (D-VA) and Representative Gerry Connolly (D-VA) have sent letters to the Department of Justice (DOJ) requesting briefings and information regarding recent reports of individuals pleading guilty to criminal use of personally identifiable information (PII) obtained through the 2015 OPM data breaches. The OPM data breaches affected 21.5 million individuals resulting from stolen background investigative materials, as well as 4.2 million current and former federal employees from compromised personnel records. Specifically, two individuals pled guilty earlier this month to conspiracy to commit bank fraud and identity theft. The legislators’ letters are linked to their names above for your review.
Under current law, owing to NTEU efforts, the U.S. Government is required to provide credit monitoring and identity theft services to individuals compromised in the 2015 OPM data breaches for a period of up to ten years—which will expire at the end of Fiscal Year 2026. However, NTEU continues to maintain that the coverage period for the credit monitoring and identity theft protection services are not adequate, and that given the nature and severity of the information compromised, federal employees and their families need to be provided with lifetime coverage. NTEU strongly supports and urges enactment of the RECOVER Act, H.R.5765, introduced by Representatives Eleanor Holmes Norton (D-DC) and Dutch Ruppersberger (D-MD), which would ensure that individuals receive lifetime credit monitoring and identity theft services. Recent reports of criminal use of stolen federal employee PII serve to highlight the need for lifetime protection for federal employees given the potential risks.
Information about the incidents, and how to contact the Verification Center, is available from OPM at https://www.opm.gov/cybersecurity/cybersecurity-incidents/.
As I also recently reported to you, NTEU continues its efforts on the lawsuit we filed to provide lifetime credit monitoring and identity theft protection for our members, and to ensure that the U.S. Government does not allow such a severe breach of personal information to happen again.