The Office of Personnel Management has yet to notify roughly three-quarters of the current and former government employees and contractors whose information was compromised by hackers more than a year and a half ago, the agency acknowledged this week.
OPM spokesman Samuel Schumach said about 5.5 million notifications had been sent as of Tuesday evening to people affected by two hacks last year, putting the agency on schedule for where it planned to be in early November.
“Before we began mailing the notification letters, we estimated the process would to take up to 12 weeks,” Mr. Schumach told NBC News. “OPM made the decision to ’ramp up’ our mailing rate in order to assess our processes and the ability of the vendor to register impacted individuals for identity theft protection and monitoring services.”
Hackers penetrated OPM’s networks twice in early 2014 and made off with a trove of personally identifiable information, including background check records and biometric data pertaining to millions of people. But with hacks having affected roughly 21.5 million current and former government employees and contractors, more than three-fourths remain to be notified.
“I understand that many of you are frustrated and concerned, and would like to receive this information soon,” OPM Director Beth Cobert said in a statement last month. “However, given the sensitive nature of the database that was breached — and the sheer volume of people affected — we are all going to have to be patient throughout this notification process.”
The Defense Information Systems Agency awarded technology firm Advanced Onion a $1.8 million contract in September to help find and notify people affected by the hacks. Identity Theft Guard Solutions LLC of Portland, Oregon, has received $133 million to spend on credit and identity services for affected people once they have been located.
OPM announced Wednesday that it had appointed a new senior cybersecurity and information technology adviser, Clifton Triplett, to “strengthen our cybersecurity posture and provide assistance to individuals impacted by the recent cyberintrusions.”
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.