WASHINGTON, D.C. – In a letter sent today, U.S. Senator Joni Ernst (R-IA) continued to push for answers on the Office of Personnel Management’s (OPM) data breach earlier this year. The Iowa Senator urged OPM Acting Director Beth Cobert to notify and provide protections to Iowans impacted by a recent cybersecurity breach affecting background investigation records.

“Although OPM has notified those individuals impacted by a separate but related cybersecurity incident – discovered in April 2015 – affecting the personnel data of 4.2 million current and former Federal government employees and offered them free identity theft monitoring and restoration services, OPM has yet to notify those individuals impacted by the incident affecting background investigation records. This issue has been brought to my attention by a number of my constituents in Iowa who are concerned they may have been affected by this breach and shared their concerns about the lack of communication and support offered by OPM,” Senator Ernst wrote.

Senator Ernst also noted, “It is vital that the victims of this data breach in Iowa be notified as quickly as possible that their personal information has been compromised, and that there are protections available to them. It is concerning that so much time passed – almost three months – between the discovery of the breach and the awarding of a contract to assist in the notification and identity protection process. It is equally concerning that those affected by this breach have yet to be notified – particularly in light of the fact that some non-applicants may have no reason to assume that their information was listed on a background investigation application.”

The Iowa Senator added, “I will continue to follow this issue closely in the coming months and would appreciate timely and appropriate updates on progress made in communicating with the millions impacted by this data breach, which includes a number of my constituents.”

A copy of the letter can be found here.

Earlier this year at a Senate Homeland Security and Governmental Affairs Committee hearing, Senator Ernst sought answers regarding the OPM data breach. Read more here.

 

Text of the letter is as follows:

The Honorable Beth Cobert

Acting Director, U.S. Office of Personnel Management

1900 E Street, NW

Washington, DC 20415-1000

 

Dear Director Cobert: 

I am writing to express concern about the Office of Personnel Management’s (“OPM”) response to the recent cyber incident affecting the background investigation records of millions of current, former, and prospective Federal employees and contractors, as well as state officials and employees in Iowa.

On July 9, 2015, OPM announced that an interagency forensic investigation into the incident – which OPM discovered in early June 2015 – concluded that the breach resulted in the compromise of the records of approximately 21.5 million individuals, including 19.7 million individuals that applied for a background investigation and 1.8 million non-applicant spouses or co-habitants whose information was also listed on applications. By OPM’s own account, the sensitive information compromised included Social Security Numbers, findings from interviews conducted by background investigators, usernames and passwords, and approximately 1.1 million sets of fingerprints. 

Although OPM has notified those individuals impacted by a separate but related cybersecurity incident – discovered in April 2015 – affecting the personnel data of 4.2 million current and former Federal government employees and offered them free identity theft monitoring and restoration services, OPM has yet to notify those individuals impacted by the incident affecting background investigation records. This issue has been brought to my attention by a number of my constituents in Iowa who are concerned they may have been affected by this breach and shared their concerns about the lack of communication and support offered by OPM.

On September 1, 2015, OPM and the Department of Defense (“DoD”) announced the award of a $133 million contract to Identity Theft Guard Solutions LLC, doing business as ID Experts, for identity theft protection services for the 21.5 million individuals whose personal information was stolen in the cyber incident involving background investigations. The agencies further announced that the U.S. Government, through DoD, will begin notifying those impacted “later this month and continue over the next several weeks.” 

It is vital that the victims of this data breach in Iowa be notified as quickly as possible that their personal information has been compromised, and that there are protections available to them. It is concerning that so much time passed – almost three months – between the discovery of the breach and the awarding of a contract to assist in the notification and identity protection process. It is equally concerning that those affected by this breach have yet to be notified – particularly in light of the fact that some non-applicants may have no reason to assume that their information was listed on a background investigation application. 

I will continue to follow this issue closely in the coming months and would appreciate timely and appropriate updates on progress made in communicating with the millions impacted by this data breach, which includes a number of my constituents.  

 

Sincerely, 

Joni K. Ernst, 

United States Senator

 

# # #