NTEU this week met with Office of Personnel Management (OPM) Director Katherine Archuleta and the Office of Management and Budget (OMB) concerning the recent federal employee data breaches, and the resulting response.
This briefing was related to the initial personnel breach. NTEU continues to press for additional information related to the second announced breach impacting records related to background investigations.
OPM provided a general status update regarding the June 4 reported breach of personnel records. The majority of email and mailed notifications have occurred by the OPM-selected contractor CSID, though some notifications continue in cases where e-mail notifications were undeliverable or an earlier mailed letter was returned.
Currently, individuals can contact the CSID toll-free line (844-777-2743; international callers collect at 512-327-0705) to verify whether they were affected in the personnel records breach. Also, individuals can fully enroll in the credit monitoring services with a CSID representative on the toll-free line or by visiting the CSID website.
As a reminder, individuals who have not received a notification can contact the CSID toll-free line to verify whether or not they have had information compromised in the June 4 personnel records breach. Also, for residents of New York State, CSID is now providing the missing fraud protection insurance coverage that had not been in place earlier. New York-state required specific information is now being provided from CSID.
At this time, there is no new information as to who has been affected by the second breach that concerns background investigations. The Director of OPM and OMB personnel stated that the DHS and FBI forensic investigation is nearing completion and that they expect to reach out to NTEU, and to begin the actual individual notifications, soon. NTEU will update members as soon as this information is available.
Also at the meeting, the Director of OPM announced a third, separate incident. During the ongoing forensic investigations into the two earlier reported breaches, it has been determined that a system vulnerability exists with the E-QIP system primarily used by OPM, agencies and individuals to handle background investigation forms (Note: this is separate from the announced, actual breach into background investigations databases). While there is no evidence of an actual breach, but rather a possible IT vulnerability, the Director of OPM has now suspended the entire E-QIP system, meaning that no new forms can be submitted either by new hires or by existing employees undergoing a periodic reinvestigation (PRI). At this time, OPM and OMB expect the system to remain down for a period of 4-6 weeks, while IT improvements are made. OPM Federal Investigative Services (FIS), that handles background investigations, is currently in the process of making needed personnel and work adjustments. Existing employees will continue to operate as normal with their current clearance level in place, and their PRI will occur once the system is back up and running. OPM and employing agencies are also currently considering various flexibilities to address the situation for new hires.
NTEU continues to call for immediate blanket credit monitoring and identity theft protection coverage to be extended to those individuals whose information has been compromised in the background investigations breach, and who have yet to be notified. The union is also pressing for these services to be extended beyond the current 18 months now being offered as a result of the personnel records breach—and that they be provided to both affected employees and to their family members, particularly given the high-level of risk faced by these individuals.