The Office of Personnel Management is looking for a new credit monitoring service for those impacted by the 2015 data breach, but those impacted will receive an extension of their current coverage to ensure that there is no gap, an OPM spokesperson confirmed.
“Individuals currently receiving services through ID Experts (MyIDCare) will not experience any change to their current coverage, and do not need to take any further action at this time,” the spokesperson told Federal Times in a statement.
“Services with ID Experts for those impacted by the 2015 cybersecurity incidents will be extended until June 30, 2019. Enrolled individuals will continue to receive government-sponsored coverage from ID Experts at no cost for an additional six months. There will be no interruption in service for currently enrolled individuals. OPM is currently in the process of soliciting quotations from eligible vendors using the General Services Administration Identity Protection Services Multiple Award Blanket Purchase Agreement. OPM anticipates completing the re-compete award by the end of December 2018.”
The 2015 breach of background investigation records impacted approximately 4.2 million federal employees, job applicants and family members.
This is not the first time that OPM has transitioned breach coverage to a new provider, as they had to instruct feds to move from the original credit monitoring provider, Winvale/CSID, to the current ID Experts contract in late 2016.
National Treasury Employee Union National President Tony Reardon applauded the measures to ensure that feds would remain covered during the transition, stating:
“This protection is essential for the millions of current and former employees whose personal information was stolen in two separate cybersecurity incidents. NTEU asked OPM on Nov. 13 for information on how the protection would continue when the current contract expires in December. The law, supported by NTEU, requires OPM provide coverage to the victims for 10 years, at no cost, through Fiscal Year 2026.”
But some unions, including NTEU, have claimed that 10 years of monitoring is not enough, as information like Social Security numbers, birth information and fingerprints can prove valuable throughout a person’s lifetime.
Litigation is currently ongoing that would require OPM to provide lifetime coverage for those impacted by the breach.