GAO has been asked to recommend other potential benefits agencies could offer to their employees in response a breach of their personal information, in light of its recent report finding that the benefits the government typically offers in those situations are not necessarily the most effective.
Following the 2015 disclosure of cyber thefts of personnel and background check records on federal employees and retirees, the government offered services such as credit and identity monitoring and identity theft insurance. In a report earlier this year, GAO said that such services could “mislead” victims into thinking they are better protected than they actually are. For example, it said that while credit monitoring helps detect the opening of new unauthorized accounts it does not prevent fraud, and while identity theft insurance covers expenses related to responding to such theft it generally excludes direct financial losses.
In addition to those two major breaches of OPM databases, there have been smaller breaches of employee records at a number of agencies in recent years.
A letter from several members of the House Energy and Commerce Committee asked GAO to report on trends in identity theft, potential better approaches to respond, saying that the government’s current policy “does not address a service’s effectiveness, and may not fully reflect the most useful options agencies should consider in response to a breach.”