The Office of Personnel Management and Interior Department foot the bill for credit monitoring and liability protection for the 4.2 million federal employees affected in the first breach of OPM's networks, however finding funding for another 21.5 million will be a group effort.
In an email circulated to agencies Tuesday, acting OPM Director Beth Cobert said the cost of providing monitoring and protection to almost 10 times the number of current federal employees would be too much for a single agency to bear.
Since the background information in the hacked databases were kept on behalf of other agencies, OPM and the Office of Management and Budget determined that the cost of providing protection services should be spread across the affected agencies.
"Given the limited resources available to OPM at this time to deal with a contract of this size, agencies will be asked to contribute FY 2015 funding to cover the first full year's cost of credit monitoring and related services/benefits for the second incident," Cobert said in the email.
Under the OMB-approved plan, OPM is assessing the cost per person and plans to let each agency know their share of the total cost sometime next week.
The email notes the actual cost per agency won't be known until a contract is awarded.
Each agency with affected employees (i.e., every agency) will have to find funding in its 2015 budget, as well as planning for future payments through 2017, as OPM intends to purchase a plan that includes at least three years of credit monitoring.
"OPM is committed to providing those affected by the recent cyber incident involving federal background investigations data with information and appropriate resources in a timely and effective manner," said OPM Press Secretary Sam Schumach. "OPM is asking each agency to fund a share of the cost of monitoring and protection services approximately proportional to the number of individuals impacted."
OPM Data Breach: What You Need to Know
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.