The Office of Personnel Management has sent out 7.7 million notifications to victims of data breaches to let them know their personal information was compromised, according to the agency. This is slightly more than one-third of the total number of notifications the agency plans to issue.
The pace for sending out the notifications -- which are being delivered entirely by the U.S. Postal Service rather than email -- “picks up as we go,” acting OPM Director Beth Cobert said at a public meeting on Tuesday.
OPM originally said notices to all hack victims would go out within 12 weeks of the selection of a contractor, but has since said it will happen within 12 weeks of when the first notifications were sent out. That would put the agency on track to complete the notification process by Jan. 1, though officials said “the bulk” of notices would go out “within the first weeks” of mailing. Now about halfway through its own revised timeframe, OPM is still only about one-third of the way done sending notifications. By the end of the week, OPM expects to have 9 million notifications out the door, or more than 40 percent of its total.
That pace “still keeps us on rack for the 12-week figure,” said Sam Schumach, an OPM spokesman. “We’re not seeing any other challenges.”
In all, OPM will have to mail out 21.5 million notices to employees or applicants that received background investigations, and in some cases to their spouses or cohabitants as well. Of those who received their notification letter, about 5 percent have enrolled in the suite of protective services being offered to them. That rate is far below the 22 percent “take rate” in the original hack of 4.2 million former and current federal employees’ personnel data, but still ahead of the rate seen in private sector and state government breaches.
Cobert warned the letters are being sent out in a “randomized order,” so affected individuals who received their notifications but whose spouses have not have no cause for concern. The acting director reiterated a plan to establish a “verification center” by the end of November for individuals who believe who they were impacted by the hack but have not received a letter.
OPM has a call center already set up, but it is only for employees who have already received their notification and want assistance in enrolling in services. Cobert said OPM is monitoring the average wait time -- which caused an onslaught of complaints in the first round of notifications -- for those calls.
Cobet praised the collaboration between the Defense Department, Homeland Security Department and other agencies to coordinate the response to the hacks of data maintained by OPM, calling it a “phenomenal interagency effort.”
(Image via Mark Van Scyoc / Shutterstock.com)