As Many as 150K OPM Hack Victims Must Re-Enroll to Keep Protection Services

Editors note: OPM initially said up to 600,000 individuals whose personal data was compromised would have to re-enroll in identity protection services, but the agency on Nov. 4 said further review found that only  100,000 to 150,000 had signed up for protection services and would need to re-enroll to continue receiving those services. All 600,000 will receive letters explaining how to either re-enroll in services, or sign up if they haven’t yet done so. The story and headline have been updated.

Some federal employees whose personal information was exposed in the breach of data maintained by the Office of Personnel Management will have to re-enroll to continue receiving credit monitoring and identity protection services, the agency announced Monday.

Of the 600,000 former and current federal workers impacted by the initial OPM hack involving personnel records, as many as 150,000 (those who signed up for protection services) will need to re-enroll to continue to receive those services past Dec. 1.   

The 18-month contract OPM originally awarded to Winvale/CSID is set to expire on that date, at which point ID Experts will take over as the benefits provider. ID Experts is currently providing services for the second OPM breach that exposed the background investigations data of 21.5 million current and former federal employees, job applicants and family members.

OPM has determined that 600,000 individuals of the 4.2 million involved in the personnel records hack were solely affected by that initial breach and not the background investigations breach. Because the other 3.6 million victims were already notified that their information was exposed in the second hack and offered services through ID Experts, they will not receive notifications from OPM of the provider switch.

» Get the best federal news and ideas delivered right to your inbox. Sign up here.

They are, however, eligible to enroll in protection services from ID Experts at any point through the expiration of that contract, which will occur Dec. 31, 2018. Notifications were sent to victims of the background check hack last fall and winter. Individuals who already received ID Experts enrollment information but have not yet signed up can use the materials already sent to them to do so or go to OPM’s website to request a duplicate letter.

Individuals who signed up for services through Winvale, whether or not they also signed up for services through ID Experts, may receive a notification from Winvale letting them know the benefits they had been receiving from the company are expiring, a senior OPM official said.

The official added OPM is requiring the re-enrollment for those who currently exclusively receive benefits from Winvale out of concern over people’s security. The services they are receiving will not change, so long as they re-enroll. Hack victims who already signed up for protection services from ID Experts will not see any change in service and do not need to take any further action.

The change became necessary after Congress decided last year to require OPM to provide 10 years of credit monitoring and identity theft protection to hack victims. OPM had given 18 months of services to the original hack population and three years to the second, larger population. 

Both ID Experts contracts are now set to expire at the end of 2018, at which point OPM will reassess commercial options and award a new contract. The official said this timing would enable OPM to “pursue a better procurement strategy.”

ID Experts is a pre-approved vendor on the General Services Administration’s blanket purchase agreement for federal agencies offering identity protection following hacks, while Winvale is not. Both the process by which Winvale received the original contract, and its performance in providing customer service, came under fire in the months following the announcement.

The new ID Experts contract was competitively bid and awards the company $9.1 million, an OPM spokesman said. 

Of the 4.2 million former and current employees in the original hack, 1.1 million enrolled in protection services; of the 21.5 million victims of the second hack, 2.6 million enrolled. 

This story was updated with information on the value of the new ID Experts contract, and the date at which the CSID contract expires.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care


When you download a report, your information may be shared with the underwriters of that document.