OPM Blows $133m on Post-Breach ID Monitoring by Phil Muncaster.
From the post:
The US government is set to spend $133m on identity theft protection services for over 21 million victims of the Office of Personnel Management (OPM) breach, despite having failed thus far to inform those affected.
In a statement on Tuesday, the OPM jointly announced with the Department of Defense the award of a $133,263,550 contract to Identity Theft Guard Solutions (ID Experts) for “credit monitoring, identity monitoring, identity theft insurance, and identity restoration services.”
Those affected will get the service free of charge for a period of three years following one of the largest and most damaging data breaches in the US government’s history.
“Millions of individuals, through no fault of their own, had their personal information stolen and we’re committed to standing by them, supporting them, and protecting them against further victimization,” said acting OPM director, Beth Cobert, in a statement.
“And as someone whose own information was stolen, I completely understand the concern and frustration people are feeling.”
Yet the OPM has so far failed to inform those 21.5 million former and current government employees and their families affected by the breach, nearly three months after it first discovered the intrusion.
…
Since Muncaster is from the UK, I’m not sure he understands that identifying the 21.5 million victims of the OPM hack will be yet another contract and then attempts to notify the 21.5 million victims will be a separate contract, with sub-contracts to measure the effectiveness of the attempts to identify the victims, quality of the notification efforts and the environment impact of the paper generated by the contracts separately and collectively.
The OPM money-hole has only just opened.
Within a couple of years it will be a multi-$billion sized hole and growing.