The Office of Personnel Management and the Department of Defense has awarded a $133,263,550 contract to the Portland, Ore.-based Identity Theft Guard Solutions to assist with notifying the 21.5 million victims of the June breaches.
The DoD will take the lead in directly notifying the current and former federal employees whose data was compromised – including several who work for the NCUA – over several weeks beginning in late September.
Identity Theft Guard Solutions, which also goes by the name ID Experts, will provide resources and services to the cybercrime victims for three years at no cost. The resources will include credit and identity theft monitoring, identity theft insurance and identity restoration. Insurance coverage for the affected individuals began on Sept. 1.
Which threat has you most concerned?Brokering a breach response contract “is something that has taken some time, because we want to do it right,” OPM Acting Director Beth Cobert told the media. “And we also want to make sure that in the context of the notifications, we don't create any more national security issues than we have through the data that was stolen.”
Cobert added, “As somebody whose data was stolen in this incident as well as in the previous one, I can understand the frustration that people feel. But we want to make sure that we're doing this right.”
In April 2015, the OPM discovered that personal data had been stolen from 4.2 million current and former Federal government employees. The victims of this breach have been notified. In June 2015, while investigating the previous incident, OPM discovered an additional compromise of background investigation records belonging to 21.5 million current, former and prospective Federal employees and contractors.
After the first breach, which was announced in June, the OPM reportedly spent more than $20 million for identity protection firm CSID to notify affected individuals and provide them with identity protection services. Government personnel, however, complained of website crashes and multi-hour call center waiting times when they called to get basic information.
Some victims also complained that the notifications looked like malicious emails, came from a dot.com email address and contained a link to a commercial website. This time, email notifications will come from either a dot.mil or dot.gov address.
“As with any breach, time is of the essence and this is no different,” Ondrej Krehel, founder/principal of the New York City-based cybersecurity intelligence firm LIFARS, explained. “The problem though, is that it could potentially be quite a while before everything is shored up, and if it even makes the deadline. By the time they find out, they'll already be months behind and then they still have investigation and remediation to handle.”
Another expert said the new notification plan could make the situation worse for some victims.
“First of all, the nature of the data stolen requires a lifetime of protection, not just three years,” Stu Sjouwerman, founder/CEO of the Clearwater, Fla.-based Knowbe4, said. “Second, you can count on the bad guys cross-referencing the OPM hack and the Ashley Madison data and start spear-phishing and/or blackmailing the data breach victims. Instead of spending 130 million in credit monitoring, that money would have been spent much better to prevent the hack to start with!”
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
