Since discovering the data breach that affects millions of current and former federal employees in April, the Office of Personnel Management (OPM) has so far refused to share with AFGE detailed information about the breach, citing the ongoing criminal investigation. This led us to believe that things are actually worse than OPM had led on. We now believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all of the personnel data for every federal employee, every retiree, and up to one million former federal employees.
We also believe that hackers have every affected person’s Social Security number, military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, pension information and more.
“Worst, we believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous,” AFGE said in a letter to Office of Personnel Management Director Katherine Archuleta.
AFGE demands that OPM take full responsibility for the breach. At a minimum, OPM should provide free lifetime credit monitoring and liability insurance that covers the entirety of any loss attributable to the breach, instead of the 18 months of credit monitoring and $1 million liability insurance that OPM has offered.
AFGE is also disappointed that OPM has outsourced the responsibility for answering affected employees’ questions to a contractor, CSID.
“The terms of the contract apparently do not include guaranteed access to a living, breathing human being knowledgeable enough to answer questions. We ask that OPM reconsider this decision to provide such an inadequate half-measure,” AFGE said in the letter. “Federal employees who have been victimized by this breach deserve more than a difficult-to-navigate website and call center contractors who do not know the answers to questions that go beyond a FAQ template.”