Legislation has been reintroduced to require the government to pay to provide lifetime identity theft protection insurance to current and former federal employees and contractors whose personal information was exposed in the 2015 Office of Personnel Management (OPM) data breaches.
Congresswoman Eleanor Holmes Norton (D-DC) introduced the Reducing the Effects of the Cyberattack on OPM Victims Emergency Response (RECOVER) Act (H.R. 7236). She noted in introducing the legislation that Congress has only required OPM to provide ID theft coverage to affected individuals through 2026 and believes that lifetime coverage should be provided.
“We got some identity protection for federal workers and contractors impacted by the data breach as a first step, but only lifetime identity protection will give these workers the peace of mind they deserve,” Norton said. “Because there is no limit to the duration on when the compromised personal information can be used, Congress must protect these federal employees and contractors in perpetuity.”
Norton has introdcued this legislation multiple times before to no avail. Whether it will fare better this time remains to be seen.
What Happened in the 2015 OPM Data Breaches?
There were two data breaches that hit OPM reported publicly in 2015. The first one affected the personal data of 4.2 million current and former federal employees. The second was discovered while OPM was investigating the first breach. It is the larger one of the two. Nearly 26 million people were impacted between both breaches.
China was reported to be behind both cyberattacks. Fallout from the data breaches led to the resignations of both OPM’s then director, Katherine Archuleta, as well as Donna Seymour, the chief information officer at the time.
What types of personal data were compromised?
The first breach impacted personal data of current and former federal employees such as full name, birth date, home address and Social Security Numbers.
The second breach, however, impacted different types of data. It affected background investigation records of current, former, and prospective Federal employees and contractors.
The types of information in these records include identification details such as Social Security Numbers, residency and educational history, employment history, information about immediate family and other personal and business acquaintances, health, criminal and financial history, and other details.
Some records also include findings from interviews conducted by background investigators and fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.