OPM looks to wrap breach notification by early December

The Office of Personnel Management is on track to finish notifying 21.5 million victims of the agency's massive data breach some six months after the intrusion became public.

The final notification letters should be sent by the second week of December, OPM spokesperson Sam Schumach told FCW. The agency has already mailed 14.5 million letters and is printing 800,000 each day.

"We're getting into the final push," Schumach said.

That final push will include old-fashioned letters and a brand-new web portal.

OPM has publicly characterized its hack as two separate breaches -- the first involving 4.2 million personnel records and the second involving a 21.5 million-person background check database -- but internal documents obtained by FCW indicate that the breach was a single sustained assault.

Notifications for the first breach were sent over the summer, but after security concerns about email and allegations of a botched, rushed contract, OPM slowed down, enlisted the Defense Department's help and chose snail mail for the second round of notifications.

Along with hard-copy notifications, the agency will launch OPM Verify, a public portal with two aims: letting victims who haven't yet received their notification letters confirm their status and helping fill the gaps in OPM's address list. Schumach said the portal will be made public in the next week or so.

But how much good will it do?

"Even if you haven't gotten your letter, you kind of know you're on the list and you should be taking steps accordingly," said Larry Allen, president of Allen Federal Business Partners. "If your neighbors and colleagues were breached, you probably were breached, too."

Coming this late in the notification process, the portal will be a "public-facing feel-good thing" that does little to help affected feds, Allen said, adding that few people will likely learn their victim status from the portal because most of the notification letters will have been sent by the time it goes live.

Although Schumach said the portal will also deliver information about breach-mitigation services, Allen questioned its overall usefulness and wondered why scarce IT dollars were being funneled into the project, which involves a non-competitive $1.8 million award from the Defense Information Systems Agency to tech firm Advanced Onion.

On the mailing list front, Schumach confirmed that the agency is pursuing other methods to track down correct addresses for the small percentage of letters that are being returned as undeliverable, including tapping the U.S. Postal Service's databases.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.