As the Office of Personnel Management weighs its options for pursuing a contractor, lawmakers are keeping the pressure on the new leadership at the agency to provide appropriate protections to victims of the hack of background investigation information it maintains.
Newly appointed acting OPM Director Beth Cobert, who assumed the post after Katherine Archuleta resigned on Friday, has attempted to proactively assuage those concerns, making phone calls to certain lawmakers to discuss the situation. OPM came under fire for its handling of the contract in the first data breach, which exposed the personnel files of 4.2 million former and current federal employees.
OPM spokesman Sam Schumach told Government Executive Cobert reached out to lawmakers to hear their perspectives.
“Over the past couple of days acting Director Cobert contacted some members of Congress to introduce herself, share her enthusiasm for taking on the challenges immediately facing OPM, and to hear their concerns firsthand,” Schumach said. “She believes keeping key partners, such as Congress, informed is a priority, and is looking forward to building positive relationships on Capitol Hill.”
On Tuesday, Cobert hosted a town hall with OPM employees and met with Cabinet agencies’ chief human capital officers. Cobert must quickly play catch up to get up to speed on the array of problems facing the agency.
Lawmakers and federal employee groups criticized Winvale and CSID, the contractors hired to provide credit monitoring and identity theft protection services to the hack victims, for failing to maintain adequate customer service. They also questioned the hastened process through which the contract was awarded, saying the speed and lack of transparency were problematic.
Sen. Mark Warner, D-Va., wrote a letter to Archuleta asking for more details on how the contract was awarded. A spokeswoman told Government Executive Warner is still waiting for answers on those questions.
“As OPM moves forward to award a contract for credit monitoring services for the second breach, Sen. Warner expects OPM to follow all appropriate contracting guidelines while moving with all due speed to select a contractor that has the capacity and expertise to provide top-quality service to victims of this enormous hack as soon as possible,” the spokeswoman said.
Warner spoke to Cobert Monday evening, pressing her to deal with the fallout of the hacks that affected of a total of 22.1 million people. The senator offered to be a resource for the agency and promised to check to ensure OPM follows through on helping victims and shoring up its systems.
Rep. Elijah Cummings, D-Md., the ranking member of the House Oversight and Government Reform Committee, spoke to Cobert, a spokeswoman said. Cummings “flagged a number of concerns” to Cobert and also offered his help going forward. The congressman specifically asked the acting director to review inspector general recommendations for contracting credit monitoring and identity theft insurance services, among other topics.
Cobert’s outreach will likely come as a welcome change for lawmakers on Capitol Hill, who voiced frustration with Archuleta’s lack of forthcoming information. The former director offered her resignation just hours after she vowed to stay on as agency chief, and following a groundswell of lawmakers -- including Warner -- calling for her head. Members of Congress continually expressed their disappointment in Archuleta in the weeks following the hacks’ disclosure, as she declined to answer questions publicly and refused to take responsibility for the breaches.
OPM has promised three years of a full “suite of services” to the 21.5 million individuals affected by the hack targeting background investigations, to include full service identity restoration support and victim recovery assistance, identity theft insurance, identity monitoring for minor children, continuing credit monitoring and fraud monitoring services beyond credit files.
The White House said last week there is no deadline in place for finding a contractor to provide the services that will be offered to the victims of the second hack, but OPM is “working very aggressively” to do it as quickly as possible. While OPM is “going to work quickly” to make the selection as quickly as possible, White House Press Secretary Josh Earnest said, officials must choose a contractor capable of handling the enormous task ahead.
OPM gave just 18 months of free credit monitoring and up to $1 million in identity theft insurance to those affected by the initial hack.
Most of the people in that group -- about 3.6 million of the 4.2 million affected -- were also affected by the second hack, and will therefore qualify for the increased protections. The American Federation of Government Employees lambasted the disparity, however, for the remaining 600,000 current and former feds.
“It is absolutely outrageous for the Office of Personnel Management to be offering fewer protections to the federal workforce, whose personal information was stolen in the first data breach, than to those whose information was stolen in the second breach,” AFGE National President J. David Cox said. He added there was “no justification for this inequity,” and called on OPM to offer all victims the same level of protection.
AFGE is one of two unions suing OPM for lifetime protections hack victims and major changes to the agency’s network security.