The Office of Personnel Management (OPM) and the Department of Defense (DOD) on Tuesday awarded a $133-million contract to provide identity theft protection services for those affected by the massive hack of the OPM, which was revealed this spring.
The contract is part of at least $500 million the government is planning to spend to boost fraud protection services for both past and future hacking victims. The OPM has already said it expects other agencies to contribute to the cost of the contract.
Identity Theft Guard Solutions, doing business as ID Experts, will provide a suite of protection services for the 21.5 million federal employees, contractors and others whose personal information was compromised in the second, more significant hack of the agency.
The three-year contract will also cover affected individuals' children under the age of 18.
“We remain fully committed to assisting the victims of these serious cybercrimes and to taking every step possible to prevent the theft of sensitive data in the future,” said acting director Beth Cobert.
The Department of Defense will begin sending direct notifications at the end of this month, a process that will continue over several weeks.
Because the contract was not awarded until two months after the second breach was revealed, some may not find out their data was taken until November.
ID Experts will be under close scrutiny after the firm contracted to handle the first OPM breach — which compromised roughly 4.2 million personnel files — faced fierce criticism from federal workers and lawmakers.
Critics lambasted contractor CSID for a Web site that crashed easily and interminable phone waits to speak to a representative. Affected individuals were also critical of notification emails that came from CSID addresses, which looked like phishing scams to some.
Cobert said Tuesday that the new contract addresses many of the customer-service concerns that plagued CSID. Any emails to victims will come from .mil or .gov addresses, and Cobert said the new contract is designed to accommodate the needs of a much higher volume of covered individuals.
Services include credit monitoring, identity monitoring, identity theft insurance and identity restoration services.
It is believed that the hack was part of a Chinese intelligence gathering mission, rather than one motivated by profiting off of selling stolen personal information. Cobert said Tuesday that the stolen information has not cropped up on the dark Web.
“We have seen no evidence and [the FBI] has seen no evidence that the stolen data from the breach has been exploited,” Cobert said Tuesday.