Oversight

OPM broke the rules with its breach cleanup contract, says agency watchdog

Wikimedia image: U.S. Office of Personnel Management seal.

After news broke that millions of feds had been exposed in a breach at the Office of Personnel Management, OPM was in a rush to get the remediation ball rolling.

Perhaps a bit too much of a rush.

In an Oct. 30 memo to OPM's Acting Director Beth Cobert, made public Nov. 12, OPM Inspector General Patrick McFarland pointed to "significant deficiencies" with OPM's $20 million award to Winvale Group and subcontractor CSID.

"We determined that [OPM's Office of Procurement Operations] did not award the Winvale contract in compliance with the [Federal Acquisition Regulation] and OPM's policies and procedures, which led to the OPO selecting the wrong contracting vehicle," the memo stated.

A full report on the contract issues will be released within the month, an OPM IG spokesperson told FCW.

The Winvale/CSID contract has drawn questions for months, largely because OPM's Blanket Purchase Agreement Request for Quotation for identity protection services was open on FedBizOpps for only 36 hours.

"According to procurement experts, such a short turnaround time is highly unusual and raises suggestions that OPM could have intentionally steered the contract to CSID," wrote Sen. Mark Warner (D-Va.) in a June letter to OPM.

"Winvale responded to a posting on FBO.gov, just like every other contractor that submitted a bid," company spokesman Patrick Hillman said in a statement to Nextgov. "Beyond that, Winvale had no control over or insight into the bidding process."

OPM, for its part, is claiming the problem as its own discovery.

"We proactively identified an error with the Winvale contract, raised it with the OIG, and then took action to address this issue at no additional cost to the taxpayer," said OPM spokesman Sam Schumach. "Once the IG report is published, we will provide a formal response."

The Winvale/CSID contract covered credit monitoring and other services for the 4.2 million feds exposed in the first half of the breach revelations. When it came time to award a $133 million remediation contract for the second, larger batch of exposed individuals, OPM took more time and turned to the Defense Department for help.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.