FEDweek

Re-enrollment Needed for Monitoring Services Due to Personnel Records Breach

The original contract to provide identity protection services for those victimized by the breach of OPM’s personnel records database is expiring December 1 and the services are being taken over by a new provider, OPM has said, meaning that those who signed up for optional credit monitoring and identity monitoring related to that breach will have to re-enroll with the new provider. The personnel records was the smaller of the two big data breaches revealed last year, implicating personal information and employment records of some 4.2 million current and former federal employees. Certain identity protection services and identity theft insurance—the maximum amount is now $5 million—were automatic and no action by the victim was required. However, enrollment was required for the monitoring services; OPM has said that about a quarter of those affected signed up. A second breach, of background investigation records, involved some 21.5 million people, including about 3.6 million who also were affected by the personnel records breach, and similar services are available to them through a contract that continues through 2018. The net result is that only the 600,000 who were affected only by the personnel records breach are affected by the change in provider related to that breach, and only those among that group who signed up for the monitoring services and who wish to continue them must re-enroll. They are being sent notices, including a required PIN number, to enroll with the new contractor, which is the same company providing the services related to the background files breach. OPM said that for security reasons, the enrollments could not be directly transferred from the old provider to the new one.