Workforce

ID protection to expire for more than 100,000 OPM hack victims

Shutterstock image (by Sergey Nivens): Security concept, lock on a digital screen.

Some federal employees and others whose personal data was compromised in the breach of Office of Personnel Management systems in 2014-2015 will have to re-enroll in the identity protection services offered by the agency.

All of the 21.5 million victims of the breach are eligible for free identity- and credit-monitoring services, but about 100,000 to 150,000 will have to take steps to make sure their coverage is current beyond Dec. 1, according to figures provided by OPM.

In the aftermath of the hacks, OPM awarded two separate contracts to identity protection providers. In June 2015, the 4.2 million victims of the personnel records hack -- the first known breach -- were offered coverage from Winvale Group's subcontractor CSIdentity, a Texas-based identity protection firm.

Those 21.5 million affected by the breach of background check records were offered free credit and identity monitoring, insurance and identity restoration services from Identity Theft Guard Solutions, doing business as ID Experts.

There is considerable but not total overlap between victims of the two breaches.

A group of about 600,000 who were hit only by the personnel records breach were eligible obtain Winvale coverage. Of this group, only about 100,000 to 150,000 obtained the free coverage. There are a few reasons why a civilian federal employee might not have been caught up in the background check breach. Legislative branch employees don't undergo OPM checks, for example.

OPM's $20 million contract with Winvale/CSID is set to expire on Dec. 1. OPM is letting the contract expire to combine all identity coverage from all the victims of the OPM hack under a single contract cycle. All victims are eligible for 10 years of coverage under a congressional authorization.

The OPM inspector general was critical of the agency for rushing the deal with Winvale/CSID. Additionally, CSID missed deadlines and was criticized by Sen. Mark Warner (D-Va.) for providing suboptimal service.

In September 2015, OPM and the Defense Department signed a $133 million agreement with ID Experts to provide services for three years.

OPM plans to mail the group a notification letter in November that includes a 25-digit PIN to register online. Once they enroll, those individuals will begin receiving services from ID Experts on Dec. 2 -- free of charge.

However, if Winvale/CSID receives an insurance claim on or before Dec. 1, the company will complete the case even if it is not resolved until after the contract expires. No ongoing claim cases will be transitioned.

Anyone with questions should visit the Verification Center website. Breach victims who are already registered in the ID Experts database are not affected by the contract expiration.

Correction: This article was updated after OPM revised the number of individuals whose existing coverage is due to lapse.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.