OPM Leaves Lawmakers Searching for Answers on Hack

The Office of Personnel Management began sending out explanations this week to the 4 million federal employees and retirees affected by a data breach detected in April, but lawmakers are still asking many questions.

Sen. James Lankford, R-Okla., who chairs the Homeland Security and Governmental Affairs Committee panel on the federal workforce, wrote a letter to OPM on Wednesday asking for more details on the hack, including how OPM plans to pay for the identity theft insurance it has offered those whose personal information was compromised.

“I am extremely concerned about what is ‘among the largest known thefts of government data in history,’ ” Lankford wrote. “Understandably, much speculation and many questions remain.” He added his Regulatory Affairs and Federal Management subcommittee will conduct oversight of the hack, and may soon call a hearing to learn more about it.

Lankford asked OPM for the exact date the breach occurred, how long it lasted, when OPM found out about it and when it notified the proper authorities. OPM has said the hack occurred in December and the agency “became aware” of it in April, noting the FBI and the U.S. Computer Emergency Readiness Team were then called in for assistance. OPM has not made more specific details public.

The senator also asked if OPM has backtracked to use its “updated capabilities” to determine whether other attacks occurred before the most recent breach. He also inquired about what changes OPM will make to its strategic information technology plan, as well as who created the plan as it existed before the breach.

OPM announced it will provide affected employees 18 months of free credit monitoring and $1 million in identity theft insurance through CSID. Lankford wanted to know which appropriations accounts will fund those efforts and what procurement process OPM used to select CSID as the vendor.

Lankford was not the only lawmaker seeking answers from OPM. Rep. Chris Van Hollen, R-Md., also wrote a letter to the agency this week, asking what additional steps it will take to protect federal workers.

“This inquiry is made more urgent by the fact that so little is known about what data was stolen during the breach,” Van Hollen wrote.

Federal employee unions have also fought for more information and protections. National Federation of Federal Employees President William Dougan said federal employees “cannot even get through to a live human to answer their questions.”

“We want to start seeing real answers to the legitimate and numerous concerns of exposed federal employees,” Dougan said. “While we understand there is immense complexity with reviewing a cyberattack, the response to this point has been inadequate. There needs to be far more transparency and support provided in this trying time for federal employees.”