Navy Takes Charge in Finding a Contractor to Protect OPM Hack Victims

An arm of the Navy that typically deals with high-dollar contracts is taking the lead in the search for a contractor to provide protection services to victims of the Office of Personnel Management data hack.

The General Services Administration, Defense Department and OPM have tasked Naval Sea Systems Command to put out a request for quote for interested bidders. The ultimate contract award will be a made through an interagency collaborative process involving GSA, OPM and the Office of Management and Budget, officials said.

NAVSEA was not chosen for any specific experience dealing with breach response, but more generally for its history with “awarding large and complex contracts,” said command spokesman Brian Leshak. The contract to provide 21.5 million former and current federal employees, contractors, applicants and family members with a suite of credit monitoring and identity theft protection services promises to fit that bill, Leshak added. NAVSEA's headquarters is located in Washington, which also played a role in its selection to lead the process. 

An interagency team will review the proposal and make a decision, Leshak said.

The RFQ spelling out the contract's requirements and soliciting bidders’ best offers was originally scheduled for July 30, but GSA bumped that timetable back to this week. NAVSEA’s request will be the first task order of a blanket purchase agreement, which will also be issued this week by GSA.

The blanket purchase agreement sets up a system to ease repeated filings, suggesting the government expects to be hacked in the future. GSA said the BPA would “provide agencies with holistic identity theft data breach response with identity theft protection services.” The agency initially released plans for a BPA in April -- before the initial OPM hack was made public -- but it scrapped that effort, saying the “scope of the services needed to address these challenges has changed significantly.”

NAVSEA expects to award the immediate contract for protection services related to the hack of background investigations data by the end of August, Leshak said. GSA originally planned on selecting a contractor by Aug. 21, though an OPM spokesman has said that schedule was “notional.”

The delays in finding a contractor to deliver protection services to hack victims has angered potential bidders and hack victims, with the latter group complaining members of the federal and contractor community are anxiously awaiting information if they were affected.

Even after the contracting process is finalized and all the notifications are sent out, Congress could further complicate the situation through its own intervention. A Senate committee has unanimously backed a provision to give hack victims 10 years of credit monitoring and identity theft protection services. A bipartisan pair of House lawmakers introduced a similar measure last week, while a Democratic leader in the lower chamber has endorsed lifetime credit monitoring.

This story has been updated to reflect new information on GSA's anticipated schedule for the contract.