The second in command for House Democrats on Friday called for dramatically improved benefits for victims of the hacks of data maintained by the Office of Personnel Management, saying credit monitoring and related services should continue for entire lifetimes rather than just a few years.
Rep. Steny Hoyer, D-Md., called the hacks “egregious” and “very, very troubling,” and said the government must do everything in its power to protect the 22.1 million current and former federal employees, contractors, applicants and family members affected by the breaches of personnel files and background investigations data. Hoyer promised a focused and energetic effort on both sides of the aisle to ensure OPM and other agencies have all the resources they need to offer that protection.
The House Minority Whip said it was “not sufficient” to offer the protection services for three years, as OPM has proposed for the 21.5 million individuals affected by the background investigation data breach. There is no time limit on when hackers can use the information they stole for nefarious purposes, Hoyer explained, and that uncertainty entitles hack victims to lifetime credit monitoring.
He noted, however, that credit monitoring may not go far enough to protect victims of the breach. Some security experts have called credit monitoring “lip service” that fails to address the real problem, which amounts to cyber espionage rather than cyber crime. Hoyer said Congress should acquire a full list of vulnerabilities from experts and OPM and provide whatever services are necessary to protect victims against them.
Even those steps may not go far enough, the top Democrat conceded.
“There may be some things we cannot compensate for,” Hoyer said, noting some hack victims may feel fallout that “is difficult to make people whole.”
Hoyer also indicated Congress may pony up additional funding to help OPM pay for the services it is offering. OPM announced this week it would ask agencies across government to pay for their employees’ share of the benefits, but Hoyer said it should only follow through with that plan if the request comes to a de minimis total.
“I don’t want to see this emergency undermine other programs,” Hoyer said, noting funding levels have been “very, very tight” over the last several years.
Instead, OPM could request an emergency appropriation from Congress, which would allow lawmakers to provide the extra funding without finding an offset. To qualify for the spending boost, OPM would have to demonstrate the need was urgent, temporary and unforeseen.
Even if OPM made that case, there is no guarantee Congress would go along with it. On Thursday, Sen. Barbara Mikulski, D-Md., attempted to attach to an appropriations bill a provision to give OPM $37 million in emergency funding to shore up its network systems, but the Republican majority rejected the measure.
Mikulski successfully convinced the Senate Appropriations Committee to back another amendment to give hack victims 10 years of credit monitoring services and up to $5 million in identity theft insurance. Hoyer applauded that measure, calling it a useful interim step while Congress determines the best way to provide lifetime protections.