Senator Warner Presses OPM to do more to protect federal employees following two massive data breaches
Senator Warner Presses OPM to Do More to Protect Federal Employees Following Two Massive Data Breaches
The Office of Personnel Management announced on July 9 that, in addition to the previously announced breach affecting the personnel data of 4.2 million individuals, a second, separate theft affecting background investigation records has compromised the personal data, including Social Security Numbers (SSNs), of 21.5 million current and former employees, contractors, and their families and friends.
Senator Warner has repeatedly pressed OPM to provide more information and resources for Virginians potentially impacted by the breach. Additionally, Senator Warner will continue to call for increased efforts to strengthen cybersecurity to prevent future attacks.
Senator Warner’s efforts:
- As a result of OPM’s inadequate response, Senator Warner called for OPM Director Archuleta to step aside. Director Archuleta resigned on July 10. Senator Warner believes that the technological and security failures at OPM predate this director’s term, but Director Archuleta’s slow and uneven response has not inspired confidence that she is the right person to manage OPM through this crisis.
- On July 9, the Senators from Virginia and Maryland introduced the RECOVER Act (Reducing the Effects of the Cyberattack on OPM Victims Emergency Response Act of 2015) to require expanded identity theft coverage for federal workers, contractors and other individuals affected by these breaches, including lifetime credit monitoring and at least $5 million of insurance coverage for identity theft.
- On July 1, Senator Warner and Senator Tim Kaine (D-VA) pressed Director Archuleta for clear details on how the agency plans to address the government security clearance processing backlog after OPM identified a vulnerability in the e-QIP web-based platform that is used to complete and submit background investigation forms, which resulted in taking the system offline for four to six weeks.
- In addition, on June 23, Senator Warner has called on the Internal Revenue Service (IRS) to work with OPM to protect federal employees and others from tax-related identity theft.
- Senator Warner also wrote to the OPM Director on June 19 to raise concerns about the performance of the contractor OPM hired to provide credit monitoring services and identity theft protection for hack victims, highlighting hours-long wait times and inaccurate data reported by his constituents that call into question the contractor’s ability to appropriately protect them from fraud and identity theft. In the letter, Senator Warner also questioned the procurement process used to award the contract, given that the solicitation was open for an unusually short 36-hour period. OPM has yet to provide a response to Senator Warner’s letter.
- On June 12, Senator Warner led his colleagues from Virginia and Maryland in calling on OPM to do more to protect federal employees whose personal information was compromised as a result of the massive breach and questioned why OPM did not encrypt the SSNs of federal employees, a common practice that provides an additional layer of protection for workers’ personal information. OPM’s response to the Senator Warner's June 12 letter is available here.
- Following the breach, on June 10, Senator Warner joined fellow Intelligence Committee member Sen. Angus King (I-ME) in calling on Senate appropriators to increase funding for cybersecurity upgrades at OPM. Senator Warner believes it is abundantly clear that technology and cyber attackers evolve in real time and the federal government needs more resources and budget certainty to keep their infrastructure current and strong.
Combatting future cyber-attacks:
- Sen. Warner plans to introduce legislation to ensure that federal agencies have robust standards for cybersecurity and that those standards are strictly enforced across the government.
- Senator Warner is preparing to introduce data breach legislation that would create a comprehensive, nationwide and uniform data breach standard requiring timely consumer notification for breaches of financial data and other sensitive information. Senator Warner believes that both the private and public sector need to be better prepared for an increasing number of these cyberattacks.