Senator Mark Warner, D-Va., and vice chairman of the Senate Select Committee on Intelligence, has written to the Office of Personnel Management (OPM) acting Director Charles Ezell, expressing concerns about potential cuts to identity protection services for current and former federal employees affected by the massive 2015 OPM data breach.
Warner urged Ezell to continue identity theft protection services for the impacted individuals as required by law. The services have been in place since the breach, which exposed the personal information of over 21 million individuals, including Social Security numbers, birthdates, and addresses.
The breach, carried out by Chinese-backed hackers, was a significant incident that rocked Washington and the federal workforce a decade ago. Warner, along with his Virginia Senate colleague Tim Kaine and then-Sens. Ben Cardin and Barbara Mikulski of Maryland, co-sponsored the RECOVER Act to provide identity protection services to those affected.
According to Warner, the Department of Government Efficiency (DOGE) has signaled that these protections may be in jeopardy due to instituted cuts. “Any attempt to prematurely phase out services to the victims of the 2015 OPM breach will introduce tremendous risk to former and current federal employees and create an opportunity for America’s adversaries and criminals to target and potentially further compromise millions of Americans,” Warner wrote.
In his letter, Warner also highlighted that 1.1 million sets of fingerprints, detailed financial, and health records were exposed during the breach. He requested that if OPM decides to “alter or terminate” the current identity protection contracts, Ezell should inform his office and relevant congressional committees as soon as a decision is made.
A 2017 Government Accountability Office report found that OPM had overpaid for an identity theft insurance program, but the protections have continued. The expiration of those contracts is now looming at the end of fiscal 2026.
Background
The OPM breach was a significant cyberattack that exposed sensitive personal information of millions of federal employees and contractors. The incident led to a substantial response from Congress and the affected agencies to mitigate the damage and protect those affected.
Impact of the Breach
The breach not only exposed personal data but also highlighted vulnerabilities in the federal government’s cybersecurity practices. The long-term effects of such breaches continue to be a concern for those affected and for government agencies tasked with protecting sensitive information.
