Oversight

OPM broke the rules with its breach cleanup contract, says agency watchdog

Wikimedia image: U.S. Office of Personnel Management seal.

After news broke that millions of feds had been exposed in a breach at the Office of Personnel Management, OPM was in a rush to get the remediation ball rolling.

Perhaps a bit too much of a rush.

In an Oct. 30 memo to OPM's Acting Director Beth Cobert, made public Nov. 12, OPM Inspector General Patrick McFarland pointed to "significant deficiencies" with OPM's $20 million award to Winvale Group and subcontractor CSID.

"We determined that [OPM's Office of Procurement Operations] did not award the Winvale contract in compliance with the [Federal Acquisition Regulation] and OPM's policies and procedures, which led to the OPO selecting the wrong contracting vehicle," the memo stated.

A full report on the contract issues will be released within the month, an OPM IG spokesperson told FCW.

The Winvale/CSID contract has drawn questions for months, largely because OPM's Blanket Purchase Agreement Request for Quotation for identity protection services was open on FedBizOpps for only 36 hours.

"According to procurement experts, such a short turnaround time is highly unusual and raises suggestions that OPM could have intentionally steered the contract to CSID," wrote Sen. Mark Warner (D-Va.) in a June letter to OPM.

"Winvale responded to a posting on FBO.gov, just like every other contractor that submitted a bid," company spokesman Patrick Hillman said in a statement to Nextgov. "Beyond that, Winvale had no control over or insight into the bidding process."

OPM, for its part, is claiming the problem as its own discovery.

"We proactively identified an error with the Winvale contract, raised it with the OIG, and then took action to address this issue at no additional cost to the taxpayer," said OPM spokesman Sam Schumach. "Once the IG report is published, we will provide a formal response."

The Winvale/CSID contract covered credit monitoring and other services for the 4.2 million feds exposed in the first half of the breach revelations. When it came time to award a $133 million remediation contract for the second, larger batch of exposed individuals, OPM took more time and turned to the Defense Department for help.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.