The Hill: Senate funders vote to extend OPM fraud protection

A Senate committee has agreed to extend identity fraud protections for the victims of the recent hacks that have rattled the government. 

The provision came as part of a larger funding bill that would also boost funding and oversight for the Office of Personnel Management (OPM), the agency at the center of the recent data breach.

The Senate Appropriations Committee on Thursday advanced a bill that would allot $264.5 million for the OPM, which has been struggling to handle the fallout from two damaging cyberattacks that exposed more than 22 million people’s sensitive information.

That funding level is $24 million, or 10 percent, above the agency’s current levels, but still $8 million short of the OPM’s 2016 request. But the committee said it approved all requests for IT security improvements at the agency.

The OPM’s budget is included as part of a larger bill that funds a number of other financial oversight, consumer protection and management agencies.

During Thursday’s markup, the committee adopted several amendments to boost OPM accountability and force the agency to offer more than the three years of identity fraud protection services it vowed to provide.

The level of credit monitoring has been a point of contention between the OPM, lawmakers and hacked employees.

Federal workers unions have filed multiple lawsuits seeking lifetime credit monitoring and unlimited insurance against any fraud that might result from the breach. Both houses of Congress also have bills that would require lifetime fraud protection and up to $5 million in insurance.

Sen. Barbara Mikulski (D-Md.), who backed the Senate’s version of the fraud protection bill, altered her measure slightly and offered similar language as an amendment on Thursday.

The add-on would provide at least 10 years of credit monitoring and $5 million in insurance. It was approved by voice vote.   

“This amendment is an important step in responding to the breaches by doing more to protect the victims,” Mikulski said prior to offering her amendment. “I will not rest until we get the best protection possible for every person affected and our cyber shields are up and effective.”

The Maryland Democrat was rejected, though, on an amendment that would have given the OPM an extra $37 million to speed up by a full year a network modernization plan.

Officials blamed aging equipment and outdated software for many of the agency’s security shortcomings, including its lack of encryption on sensitive data.

Sen. Steve Daines focused on OPM oversight with his amendment.

The Montana Republican got language approved as part of the manager’s package that would require the OPM inspector general to file semi-annual public reports to Congress on the agency’s cybersecurity stature.

Lawmakers, including Daines, have chastised OPM leadership for not heeding years of warnings from the agency’s inspector general about glaring security deficiencies.

Specifically, Capitol Hill was outraged to discover the OPM had declined to follow its watchdog’s recommendation in November 2014 to shut down 11 of its computer systems that lacked a proper security certificate.

The agency said it was concerned that such a move would cause disruptions to employee paychecks and benefits.