U.S. Sen. Mark Warner (D-VA) wrote to Office of Personnel Management (OPM) Director Katherine Archuleta, raising concerns about the performance of the contractor OPM hired to provide credit monitoring services and identity theft protection for victims following the data breach at the agency affecting at least 14 million federal employees.
In the letter, Sen. Warner highlights complaints he has received from constituents about long wait times and unreliable or inaccurate services being provided by the contractor Winvale via subcontractor CSID, and questions whether Winvale/CSID has the necessary experience and capacity to protect millions of federal workers from identity theft.
“As you are well aware, I have a large number of constituents in Virginia who are current, former or retired federal employees, and in the past two weeks, I have heard complaints from many of them about the poor quality of service provided by CSID. My constituents have reported that the website crashes frequently, and that the company’s dedicated hotline regarding the OPM breach has incredibly long wait times. Wait times of over an hour are not uncommon. Even as I write, CSID is reporting a wait time of approximately 90 minutes to speak with a representative,” the Senator wrote. “Virginians have also expressed frustration and disappointment with the quality of the information CSID has provided them. Many have reported receiving inaccurate or out-of-date information regarding their credit history, which calls into question CSID’s ability to appropriately protect them from fraud and ID theft.”
Added Sen. Warner, “Needless to say, I am deeply troubled by these reports. OPM must hold CSID accountable for timely and accurate responses to federal employees who are rightfully concerned about the impact of this breach. If the company is unable to handle the volume resulting from a breach of this size, the contract should be terminated and awarded to a company that can.”
Sen. Warner also asked OPM to provide information regarding the procurement process used to award Winvale/CSID the contract. According to records at FedBizOpps.gov, the online database of federal government contracting opportunities, the solicitation was open for a period of just 36 hours and was awarded in less than a week, raising questions as to whether OPM could have inappropriately attempted to steer the contract award to CSID.
“As it stands, at least 14 million federal employees have had their personal and financial information exposed and are now, through no fault of their own, at risk for potential fraud and identity theft. OPM has an obligation to take this threat seriously,”wrote Sen. Warner. “The agency’s awarding of this contract suggests, however, that protecting employees exposed by the breach is not the top priority for OPM that it should be. We expect that OPM will act quickly to correct any such impressions.”
Last week, Sen. Warner led his colleagues from Virginia and Maryland in calling on OPM to do more to protect federal employees whose personal information was compromised as a result of the massive breach, including pushing OPM to provide “a significantly longer period of credit monitoring than the current proposed 18 months.”