Feds Hacked in OPM Breach Could Still Receive More Benefits

Victims are still signing up for services at a steady pace.

Federal employees and other victims of the hacks of data maintained by the Office of Personnel Management may still receive more expansive or longer protection, according to the head of the company currently providing those services.

The 21.5 million victims of the breach of information collected during background investigations of potential, current and former security clearance holders are now eligible for up to 10 years of identity theft protection and credit monitoring services. OPM originally offered three years and up to $1 million in identity theft protection, but an agency spokesman said Wednesday OPM is currently “taking steps” to expand that program for 10 years and up to $5 million as directed by Congress last year.

Still, that package could leave hacked feds vulnerable, Bob Gregg, CEO of ID Experts -- the company OPM awarded a $330 million contract after the breach was announced -- told Government Executive. OPM has informally kicked around the idea of expanding services to include, for example, medical identity theft protection, Gregg said. He explained that using individuals’ personal information, such as their Social Security number and other data exposed in the OPM hacks, to receive medical services is a growing area of fraud.

The OPM spokesman declined to comment on whether services might be expanded or extended. Some lawmakers have called for hack victims to receive lifetime protections, while federal employee unions have asked for extended services. The agency itself said in the immediate aftermath of the data breaches it would “develop a proposal for the types of credit and identity theft monitoring services that should be provided to all federal employees in the future -- regardless of whether they have been affected by this incident -- to ensure their personal information is always protected.” OPM has yet to put forward such a proposal.

Gregg said he expects that conversation to “heat up” in the near future, as the 18 months of protections offered to the original population of 4.2 million current and former federal employees whose data were exposed in the first hack is soon expiring.

Interest in those types of services has not waned, Gregg said. Typically, companies like ID Experts see a huge wave of signups when notification letters are first sent out followed by a steadily declining number of signups. In this case, however, the number of victims enrolling in the protection services has remained consistent over the seven months since the letters first went out.

Total enrollment has not matched the record-setting level achieved in the original hack population but, according to Gregg, remains above average.

The executive conceded that services OPM is offering through his company may not get to the heart of the threat employees whose data were breached might face.

“Unfortunately, we can only use what’s available,” Gregg said. “We’re using what’s available. If there was some database we could monitor for the use of a SF-86 form for the background on a security clearance, we’d be doing that. But there isn’t.”

He mentioned, however, that services OPM is offering such as dark Web monitoring added particular value to this case. He also noted that hack victims enrolled in the services can benefit from the package provided by OPM even if the potential identity theft or credit fraud is not related to that particular breach.

ID Experts has extensive experience in providing protection to individuals whose information was exposed after a breach at a federal agency, including the Social Security Administration, Veterans Affairs Department, Internal Revenue Service, Federal Emergency Management Agency and NASA. Those incidents generally involved non-government civilians whose information was held by the agency, though Gregg noted one of his more interesting cases involved recovering the identity of an astronaut.

While individuals enrolled through OPM have filed claims with ID Experts, there has not yet been any evidence of any individual or group using the exposed information for a nefarious purpose. Gregg cautioned, however, that identity thieves often “sit on” the data they have stolen for a long period of time, waiting for “the noise to die down” before using the information.

Gregg said his company has a strong working relationship with OPM, and he spent the first six months post-contract award giving daily updates to the agency on enrollment rates, call center volume and other bits of information. Those reports have since been scaled back, first to weekly and now to monthly.

Acting OPM Director Beth Cobert -- who replaced Katherine Archuleta after the former director was forced to step down in the aftermath of the breaches -- took a personal stake in ensuring the services were delivered properly, Gregg said.

When the notifications were first being sent, Gregg recalled, Cobert told him, “Every one of those letters has my name at the bottom, so we’ve got to do this right.” 
