Updates on NTEU Activities in Response to Data Breaches

07/18/2015

Given the surge of information and developments over the last week, below is a comprehensive update regarding all of NTEU’s activities to date in the wake of the June Office of Personnel Management (OPM) announcements of massive personnel and investigation breaches.

Last Friday, OPM Director Katherine Archuleta resigned. Beth Cobert is now OPM Acting Director; until last week, she was serving as Deputy Director for Management at the Office of Management and Budget (OMB). NTEU National President Colleen M. Kelley knows and has worked with Beth Cobert in her OMB role as co-chair of the National Council on Federal Labor-Management Relations.

President Kelley met with Cobert earlier this week at a National Council meeting that focused on the data breaches. At the meeting, President Kelley made it clear that NTEU expects a swifter and more intensive U.S government response going forward for affected employees. The union will continue to ask for a high-level task force to address the many facets surrounding these breaches. NTEU believes that the current levels and time periods for the credit monitoring and identity theft insurance coverage are inadequate. We also continue to press the administration for lifetime coverage.

The Administration

Following the OPM announcement, NTEU took a series of actions with the administration that included a letter to the then-OPM director, as well as a letter with the Federal-Postal Coalition to President Obama, calling for better protection for and more communication to the federal workforce.

NTEU attended numerous briefings with both OPM and OMB officials, posing questions that had come in from our members concerning the breaches and the numerous reports of widespread problems experienced with the CSID notifications and enrollment into the protection programs, as well as pressing our positions on what steps needed to be taken by OPM.

NTEU urged the adoption of a national policy and pushed all agencies where NTEU represents employees to ensure that workers were given time and access to computers in order to verify whether they were affected and to sign up for coverage. President Kelley has continued to press the administration repeatedly, including at this week’s Council meeting, to quickly notify victims of the second breach and to provide credit monitoring and theft protection to all federal employees.

Congress

NTEU has worked with Congress from the start to ensure that lawmakers were kept apprised of what our members were experiencing. The union also has urged legislation to provide lifetime protection for federal employees.

The union’s outreach to Congress led to the introduction of two pieces of legislation to provide free, lifetime credit monitoring and identity theft protection to all affected individuals, including family members who had personally identifiable information compromised, with a higher level of insurance coverage amount ($5 million instead of $1 million). Rep. Eleanor Holmes Norton (D-D.C.) has introduced H.R. 3029 in the House of Representatives and Sen. Ben Cardin (D-Md.) has introduced a similar bill, S. 1746, in the U.S. Senate.

As a reminder, NTEU members can see what they can do regarding this important legislation by visiting the NTEU’s Legislative Action Center.

NTEU is also asking Congress to include an option for individuals to set up credit freezes at no cost. Additionally, NTEU has provided four pieces of testimony to multiple House and Senate congressional committees that held hearings on the OPM breaches, including for last week's joint subcommittee hearing before the House Committee on Oversight and Government Reform. View testimony submitted to last week's hearing.

Lawsuit

In addition to our legislative efforts, NTEU has filed a lawsuit against OPM in the U.S. District Court for the Northern District of California. The lawsuit asserts that, by failing to protect their personal information from unauthorized disclosure, OPM violated NTEU members’ constitutional right to informational privacy. The lawsuit seeks a number of remedies aimed at righting OPM’s wrongs and preventing future harm, including asking the court to order OPM to provide free lifetime credit monitoring and identity theft protection to NTEU members.

Several members have asked whether members’ family or friends are covered by our recently filed lawsuit. Since our complaint was filed only on behalf of members, their family and friends are not covered. NTEU views the approach taken in the lawsuit as giving us the best chance of obtaining relief for our members. The inclusion of claims for others would have greatly complicated, and lengthened, the lawsuit to our members’ detriment.

If, however, NTEU is successful in proving that our members’ constitutional right to informational privacy was violated, we will establish an important legal principle that could allow family or friends affected by the breaches to pursue the same theory against the government. For more information and facts about our lawsuit, visit NTEU’s dedicated web page (for members only).

Current Status

At this time, individuals affected by the personnel records breach (4.2 million), announced on June 4, should have received either an email or mailed letter notification from the OPM-selected contractor CSID. However, we are aware of individuals who CSID failed to notify directly but who may have had information compromised.

NTEU recommends that any federal employees or retirees who have not yet been notified contact CSID directly at its toll-free line (844-777-2743) to verify whether or not they were compromised in the personnel records breach.

Affected individuals in the personnel records breach can enroll for free in CSID credit monitoring for a period of 18 months, and they are automatically covered by identity-theft protection insurance coverage. Information about these services can be found at the CSID website.

As a reminder, NTEU advises members to be wary of unsolicited telephone calls. CSID will not call individuals unless they have either sent CSID an email or left CSID a voicemail requesting a call back.

OPM has not yet begun the notifications for individuals affected by the background investigations breach (21.5 million). Generally, any individual (federal employee, military personnel, or contractor) who submitted an SF-85, 85P, or 86 form since the year 2000, was likely part of this breach. OPM has stated that out of the total number affected, 19.7 million represent individuals who submitted the forms as part of a job application or for their current position, and 1.8 million are the spouse or adult cohabitant listed on these forms.

For the moment, individuals looking for general information regarding this breach can visit OPM’s website. OPM and Department of Defense statements indicate the plan is to send a packet of information via U.S. mail to these individuals, who are to receive some type of credit and identity theft protection for a period of three years.

NTEU will continue to make use of all avenues ─ legislative, judicial, and in all of our ongoing dealings with the executive branch officials from OMB, OPM, and federal agencies ─ to seek relief and protection for our members and their families.

Stay Informed

Check NTEU's web page with updates, helpful information and resources on steps you can take in the wake of the cyberbreaches. Members have to log in to view the page.