Home
Media Center
News Releases
Washington, D.C.—The Office of Personnel Management (OPM) must extend credit monitoring and identity-theft protection to federal employees whose files may have been compromised by the second cyberattack discovered on June 8, the head of the National Treasury Employees Union (NTEU) said today.
“NTEU is very concerned that employees affected by the second breach have not been notified or given the opportunity to sign up for services nearly two weeks after the breach was discovered,” NTEU National President Colleen M. Kelley said. “OPM should allow all federal employees to access these services without delay. In fact, that should already have been done.”
OPM said credit monitoring and identity theft protection services are being offered to 4 million people who may have been targeted in the first cyberattack disclosed on June 4. The second breach—which OPM disclosed to federal agencies on June 8 and notified the public four days later—affected many more federal employees and retirees and their family members than the original 4 million. Just how many more is unknown at this point.
Since some 2 million federal employees are already being offered these services as part of the first OPM reported breach, it should be a relatively small number of additional employees who need this coverage extended to them, Kelley said.
OPM has not said who was targeted in the second attack, what information was compromised and to what extent.
“OPM should support maximum relief and protection for federal employees and their families, take responsibility for the breach and employ all of the government’s resources to put a plan in place to ensure a catastrophic event of this nature never occurs again,” President Kelley said. “Federal employees, who must supply their most personal information as a condition of employment, deserve the highest level of protection from their government. Clearly, they have not gotten it and that must change.”
Kelley also urged OPM to quickly resolve customer service problems at CSID, the private firm hired by the agency to provide credit monitoring and ID-theft protections.
NTEU members say CSID is telling them they can sign up only online and not over the phone. Callers are experiencing long waits to talk to operators and some notification letters are being sent to the wrong addresses, according to the NTEU leader.
So far, OPM has offered protections only to affected individuals in the first breach for 18 months. NTEU wants OPM to extend the coverage beyond 18 months. In addition, if the investigation into the second hack finds that data about federal employees’ spouses and children was compromised, the administration should extend coverage to federal employees’ families as well, the NTEU president said.
President Kelley’s comments came as the House Oversight & Government Committee held its second hearing into the cyberattacks on OPM databases.
NTEU, the nation’s largest independent federal union, represents 150,000 employees in 31 agencies and departments.