The President of the American Federation of Government Employees, J. David Cox, says that “hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees”. The charge comes in a letter Cox sent today to OPM Director Katherine Archuleta, which also accuses OPM of not doing enough to help federal workers affected by the fiasco:
June 11, 2015
The Honorable Katherine Archuleta Director, OPM
US. Office of Personnel Management
1900 E Street, NW Washington, DC 20415
Dear Honorable Archuleta,
I am writing in reference to the data breach announced by the Office of Personnel Management (OPM). In the days since the breach was announced, very little substantive information has been shared with us, despite the fact that we represent more than 670,000 federal employees in departments and agencies throughout the Executive branch.
OPM has attempted to justify the withholding of information on the breach by claiming that the ongoing criminal investigation restricts your ability to inform us of exactly what happened, what vulnerabilities were exploited, who was responsible for the breach, and how damage to affected individuals will be compensated.
Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees. We believe that hackers have every affected persons Social Security numbers), military records and veteransstatus information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race, union status, and more. Worst, we believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous.
The 18 months of credit monitoring and 1 million liability insurance that OPM has offered affected employees is entirely inadequate, either as compensation or protection from harm. At a minimum, OPM owes employees free lifetime credit monitoring and liability insurance that covers the entirety of any loss attributable to the breach.
Further, the fact that OPM has outsourced to a contractor, CSID, the responsibility for answering affected employeesquestions adds insult to injury. The terms of the contract apparently do not include guaranteed access to a living, breathing human being knowledgeable enough to answer questions. We ask that OPM reconsider this decision to provide such an inadequate half-measure. Federal employees who have been victimized by this breach deserve more than a difficultto-navigate website and call center contractors who do not know the answersto questions that go beyond a FAQ template.
At numerous agencies, employees are forbidden to use their government computers for any purpose other than a work assignment. They are forbidden from using their government computers to access personal emails or any non-workrelated websites for any reason. Clearly, federal employees dealing with this breach will need to use their computers on duty time to attempt to protect themselves from the effects of this breach. I ask that you coordinate the issuance of directives from the Secretaries of the relevant agencies that permits an exception to these prohibitions for the purpose of attempting to protect their personal information and financial security from the effects of this breach.
Finally, it is crucial that all agencies be instructed to meet their collective bargaining obligations related to this breach. AFGE will issue demands to bargain for represented workers, and we ask that you make certain that management is apprised of its responsibility to respond appropriately.
I understand that OPM is embarrassed by this breach. It represents an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce. AFGE will continue to work to ensure that core functions of government agencies, such as protecting the security of databases like this one, are well-funded and performed by dedicated federal employees, not costly and unaccountable contractors. I look forward to working with you on this goal.
J. David Cox, Sr. AFGE National President