Oversight

OPM broke the rules with its breach cleanup contract, says agency watchdog

Wikimedia image: U.S. Office of Personnel Management seal.

After news broke that millions of feds had been exposed in a breach at the Office of Personnel Management, OPM was in a rush to get the remediation ball rolling.

Perhaps a bit too much of a rush.

In an Oct. 30 memo to OPM's Acting Director Beth Cobert, made public Nov. 12, OPM Inspector General Patrick McFarland pointed to "significant deficiencies" with OPM's $20 million award to Winvale Group and subcontractor CSID.

"We determined that [OPM's Office of Procurement Operations] did not award the Winvale contract in compliance with the [Federal Acquisition Regulation] and OPM's policies and procedures, which led to the OPO selecting the wrong contracting vehicle," the memo stated.

A full report on the contract issues will be released within the month, an OPM IG spokesperson told FCW.

The Winvale/CSID contract has drawn questions for months, largely because OPM's Blanket Purchase Agreement Request for Quotation for identity protection services was open on FedBizOpps for only 36 hours.

"According to procurement experts, such a short turnaround time is highly unusual and raises suggestions that OPM could have intentionally steered the contract to CSID," wrote Sen. Mark Warner (D-Va.) in a June letter to OPM.

"Winvale responded to a posting on FBO.gov, just like every other contractor that submitted a bid," company spokesman Patrick Hillman said in a statement to Nextgov. "Beyond that, Winvale had no control over or insight into the bidding process."

OPM, for its part, is claiming the problem as its own discovery.

"We proactively identified an error with the Winvale contract, raised it with the OIG, and then took action to address this issue at no additional cost to the taxpayer," said OPM spokesman Sam Schumach. "Once the IG report is published, we will provide a formal response."

The Winvale/CSID contract covered credit monitoring and other services for the 4.2 million feds exposed in the first half of the breach revelations. When it came time to award a $133 million remediation contract for the second, larger batch of exposed individuals, OPM took more time and turned to the Defense Department for help.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

  • Workforce
    online collaboration (elenabsl/Shutterstock.com)

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

Stay Connected