recommended reading

OPM Pays Too Much Protecting Breach Victims from Identity Theft, Watchdog Says

Mark Van Scyoc/

The Office of Personnel Management is probably shelling out too much money for identity theft insurance for current and former federal employees compromised in the agency’s massive 2015 data breach, a government watchdog said Thursday.

Congress required the government to offer identity theft protection to victims of that hack, which exposed sensitive security clearance information about more than 20 million current and former federal employees and their families and to provide $5 million in identity theft insurance.

That level of coverage is “likely unnecessary,” however, “because claims paid rarely exceed a few thousand dollars,” according to the report from the Government Accountability Office.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Not only does that mean the government is likely paying too much for coverage; it also could distort the identity theft insurance market, raising prices for private companies and regular consumers, GAO said.

It could also mislead consumers about the value of identity theft insurance, the agency said.

Congress should give federal agencies more leeway in determining how much identity theft insurance they should provide to data breach victims on a case-by-case basis, the government auditor said.

The Office of Management and Budget should also do more analysis about whether providing identity theft services to data breach victims is worth the expense compared to cheaper alternatives, GAO said, and provide better guidance to agencies.

OMB should also explore ways to help agencies paying to insure the same person against identity theft for two separate breaches as OPM is currently doing, GAO said.

OPM officials largely agreed with GAO’s recommendations, the report said.

The OPM breach was widely viewed during the Obama administration as an intelligence-gathering mission by Chinese government-linked hackers rather than an operation aimed at profiting from people’s personal information.

There are no known, verified instances of OPM data being released to criminals.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.