Norton Pushes OPM to Embrace Her Bill Providing Lifetime Identity Coverage to Federal Employees Impacted By Data Hack
Norton to Work with OGR Chairman Chaffetz to Require Government Contractors to Submit to Investigations Following Data Breaches
WASHINGTON, D.C.—Congresswoman Eleanor Holmes Norton (D-DC) today at an Oversight and Government Reform Committee (OGR) hearing pressed the importance of her bill to provide free lifetime identity theft coverage to current, former and prospective federal employees whose personal data were compromised in recent U.S. Office of Personnel Management (OPM) data breaches. Norton’s lifetime coverage bill, which Senator Ben Cardin (D-MD) introduced in the Senate, would cover the more than 21.5 million current, former and prospective federal employees affected by the hacks.
Upon questioning by Norton, OPM Acting Director Beth Cobert confirmed that certain personal data of employees and their families is unchangeable and could be exploited by hackers after the expiration of the current 10-year identity theft protection coverage, which Norton got expanded from 18 months and included in the fiscal year 2016 omnibus appropriations bill. Norton asked Cobert if any use had been made of the compromised data by hackers. Cobert responded that OPM is in continual dialogue with law enforcement and intelligence agencies and that so far they have not seen misuse of the hacked data. Norton asked if there was a system set up to inform employees if their data had been misused by hackers, and Cobert responded that there currently is no formal protocol.
As a result of today’s hearing, Norton has become concerned that employees whose data has been compromised may not know that they are not automatically enrolled in the free credit monitoring service and must opt in. Norton intends to write to OPM to make sure the agency is making extra efforts to ensure employees know they must take additional action to opt in to credit monitoring.
Norton also raised concerns about the government’s ability to investigate data breaches of government contractors. She cited the data breach involving Anthem Health Insurance, which provides health insurance to federal employees. The 2015 Anthem breach compromised the health insurance information of nearly 80 million Americans, including federal employees, but Anthem declined to have the U.S. Computer Emergency Readiness Team (US-CERT) investigate the breach. Norton said that as a government contractor, Anthem should not only be required to install the same levels of cybersecurity as government agencies, but that if a breach occurs, the government or an independent agency should be able to conduct an investigation. Cobert said OPM is working on implementing such a provision into future contracts with government contractors. OGR Chairman Jason Chaffetz (R-UT) agreed to work with Norton in a bipartisan fashion to require government contractors with access to federal employee data to submit to Inspector General or similar investigations.