Fedweek

Benefits of the sort made available to many current and retired federal employees due to the breaches of two OPM databases provide some help to victims but could “mislead” them into thinking they are better protected than they actually are, the GAO has said. Following breaches revealed in 2015 of the main federal personnel database and a separate database on those who had background checks performed on them, OPM offered benefits–some automatic, some opt-in–that are to continue through 2025. However, the GAO said: while credit monitoring helps detect the opening of new unauthorized accounts, it does not prevent such fraud or address misuse of existing accounts; while identity monitoring can alert victims to misuse of certain personal information its effectiveness in addressing such theft is unclear; while an identity restoration service seeks to remediate the effects of identity theft, some of it is limited to providing self-help information rather than direct intervention; and while identity theft insurance covers expenses related to responding to such theft, it generally excludes direct financial losses; and none of those services address medical identity or tax refund fraud, reputational and emotional harm, or loss of privacy. The report added that the $5 million amount of identity theft insurance OPM offers to victims–raised by Congress from the original $1 million amount OPM set–“might give consumers the impression that the insurance coverage is broad when the scope of items covered by identity theft insurance is generally limited to out-of-pocket expenses that are typically modest.” Also, it said that OPM did not document how it decided to issue the contracts in response to the two breaches, which resulted in some duplicative services at higher cost.