The largest union of federal workers on Tuesday demanded that federal employees be given free lifetime credit monitoring to compensate them for having their data stolen by hackers to broke into the Office of Personnel Management’s website.
So far, OPM has offered 18 months worth of free credit monitoring to a few million government officials, at a cost of about $20 million. But that cost could grow if the number of affected people grows, and the American Federation of Government Employees is saying a lifetime of coverage is needed to ensure federal workers are protected.
“OPM owes employees and their family members free lifetime credit monitoring and liability insurance that covers the entirety of any loss attributable to the breach,” the union stated in written testimony submitted for the record to a Senate Appropriations subcommittee hearing on Tuesday.
That demand was essentially a rejection of the 18-month plan, which OPM Director Katherine Archuleta told the subcommittee was an industry “best practice.” Archuleta was pressed on the point by senators who seemed sympathetic to the union’s demand.
“Does this heightened level of compromised information warrant additional protections?” subcommittee chairman John Boozman, R-Mont., asked.
“[T]his is what we’re looking at with our partners across government to make sure that we examine the wide range of options that we need to consider,” Archuleta answered. She was referring to a contractor OPM hired to help employees protect themselves from fraud and identity theft, another decision that AF&GE said was flawed.
“Many affected employees and retirees are outraged by what they say is an abysmal experience with CSID and Winvale: outdated or false personal information being provided on employees, a website that crashes repeatedly, and call center contractors who can only provide canned responses to frequently asked questions — if employees can even get through,” the union said in a statement on its website Tuesday, referring to the two companies hired to deliver those services.
In its testimony, the union accused OPM of rushing to award a $20 million, sole-source contract to a company that doesn’t even specialize in credit monitoring.
“Thus far, federal employees have not been able to rely on the accuracy and accessibility of the credit monitoring services that have been provided,” the testimony states. Boozman picked up that complaint as well, asking Archuleta what she is doing to address those concerns.
After first saying that CSID has a lot of experience and worked with Sony Entertainment after North Korean hackers attacked its systems, Archuleta admitted she was frustrated with the vendor.
“I am as angry as you are about that; I want to be sure that they’re doing everything they can to reduce those wait times … my employees should not have to experience that, and that is why we are demanding from our contractor that they improve their services,” she said.
The union is also calling on OPM to “hire federal employees to assist in its response to the breach rather than rely solely on a contractor that may not have the ability and expertise to handle the requests.”
The union did not mince words in its posted statement about how it thinks OPM is doing on the crisis management and communications fronts.
“OPM has bungled the response to this data breach from the get-go, and the news just keeps getting worse by the day,” the statement said. “We went from 4 million affected employees to as many as 14 million, and now at least 18 million, and OPM has refused to answer basic questions about the data that have been compromised.”
The union had harsh words for the Obama administration as well.
“The Obama administration must take immediate steps to rectify a series of failed responses,” it said. “The estimated 18 million people who have had their personal information stolen deserve more than evasive responses, inept customer service, and inadequate security measures.”
