This week, NTEU received a briefing from the Office of Personnel Management (OPM) on the recent background investigations breach affecting approximately 21.5 million individuals. First announced on June 10, this massive breach involves the theft of Standard Forms 85, 85P and 86 that are filled out by federal job applicants, employees and contractors, as well as other background materials and records, including investigative notes. 

In this week’s briefing, OPM outlined the inter-agency contracting task force that is responsible for the coming notifications for affected individuals, that includes the Department of Defense, the General Services Administration, the Department of Homeland Security and the Federal Trade Commission. OPM has executed an official Request for Quotations (RFQ) contracting vehicle to solicit bids from contractor organizations who ultimately will be tasked with providing the notifications and the credit monitoring and identity theft protection (including identity restoration and insurance). The RFQ contract is expected to be awarded mid to late August. OPM also confirmed that in response to the investigations breach, individuals whose personally-identifiable information was compromised, will receive three years of credit monitoring and identity protection that will extend to any current minor children living in the home.    

NTEU believes that the long delay in notifying and providing protections to those affected is unacceptable and that three years or less of protection is totally inadequate. We continue to advocate with the Administration and on Capitol Hill for lifetime credit protection for all affected individuals, and strongly support Senator Cardin’s (MD) and Rep. Eleanor Holmes Norton’s (DC) RECOVER Act that would provide lifetime credit monitoring and identity theft protection (H.R. 3029 in the House/S.1746 in the Senate). Additionally, NTEU continues to pursue our lawsuit to provide lifetime credit monitoring and identity theft protection for our members to ensure that this never happens again.

Meanwhile, at the SEC, NTEU Chapter 293 is continuing to press for lifetime credit monitoring. We requested this service given the fact that the SEC's Ethics Office is now requiring all SEC employees to upload their sensitive financial statements onto an SEC server--even though it appears that the Ethics Office does not even review all of this information each year, but only "spot checks" some statements. In light of these facts, and given the SEC's history of at least two PII breaches in the past few years, the union believes that credit monitoring is the least that the agency can and should do to protect the identities of the employees we represent. We were close to getting an agreement on this with the agency before the massive OPM data breach. Incredibly, since that news that the PII of most SEC staff has already been compromised, OHR at the SEC started to drag its feet on signing an agreement with the union, presumably in the hope that OPM might pick up the tab. Given the fact that, to date, OPM's credit monitoring proposal is not for all employees, and will only last for three years, we believe that it is insufficent. Accordingly, we will continue to press for credit monitoring from the SEC. And, as always, we will continue to advocate for a culture change in OHR and senior management; the frontline employees' representatives should not have to fight for these types of basic protections for agency staff. Management should be providing them willingly.

The union will keep you updated on any further developments regarding these breaches. As a reminder, OPM is providing general information on the breaches that is being updated at:  https://www.opm.gov/cybersecurity .