- Who is Corn Pop? Here are all the theories about the gang leader from Joe Biden’s past Sunday 4:37 PM
- Fresh sexual misconduct allegations against Kavanaugh spur calls for impeachment Sunday 3:28 PM
- Mike Pence says a triple crown winning racehorse bit him Sunday 12:51 PM
- Disney CEO Bob Iger leaves Apple board amid streaming wars Sunday 12:01 PM
- Influencer Destiny Marquez faces backlash for berating Forever 21 employee Sunday 10:32 AM
- Chelsea Handler tackles system racism in ‘Hello Privilege. It’s Me, Chelsea’ Sunday 9:18 AM
- Gun control proposal: Trump, lawmakers considering background check-conducting app Sunday 9:05 AM
- How to stream Browns vs. Jets on Monday Night Football Sunday 7:00 AM
- What are anons? Sunday 6:30 AM
- How to stream Eagles vs. Falcons on Sunday Night Football Sunday 6:00 AM
- How to stream ‘Power’ season 6, episode 4 Sunday 5:00 AM
- How to stream WWE’s Clash of Champions 2019 Saturday 8:00 PM
- How ‘F*ck off Scotland’ became a Scottish rallying cry amid Brexit madness Saturday 6:28 PM
- A Missouri officer resigned after his Islamophobic Facebook posts surfaced Saturday 5:08 PM
- Adding ‘Triggered’ to stock photos of white men creates Netflix comedy special thumbnails Saturday 3:10 PM
The renewed push for improved digital safety follows a warning from federal employees that the government isn’t adequately protecting them after hackers stole their personnel files from its servers.
Members of the House Committee on Energy and Commerce, which oversees technology issues, wrote to the Government Accountability Office asking for “a review of credit monitoring and other post-breach identity theft services” and “recommendations to enhance consumer protection.”
The Office of Personnel Management has struggled to set up a system for providing identity protection to the 22 million federal employees whose records were compromised. When the first of two breaches was detected, OPM rushed to award a $20 million contract to identity-protection firm CSID to protect the victims of that breach. But the office hasn’t talked to CSID about protecting the victims of the second breach.
These contracting woes have exposed persistent flaws in how the government partners with private companies to provide services to its employees. The morass of issues surrounding federal contracts is nothing new, but the urgency of the need to protect OPM breach victims has added a new dimension to the decades-old issue.
OPM’s contract with CSID for the first breach only included 18 months of protection services. The four senators from Maryland and Virginia, where the majority of the victims live, have introduced a bill to require lifetime protection for federal cyberattack victims.
The House Commerce Committee’s letter cited several breaches of government systems that exposed federal employees’ personal information, and it noted that, in each of these cases, “questions have been raised … about the usefulness and adequacy of credit monitoring services in protecting victims’ credit following a breach.”
The letter also noted that other components of identity protection, including monitoring of suspicious Internet activity, have come under scrutiny. Major providers of these services have been scrutinized for possible false claims; LifeLock, one of the most famous providers, was forced to pay the FTC $12 million to settle false-claims charges. On Tuesday, the FTC announced that it would take further action in that case after LifeLock violated the terms of the settlement.
Committee members laid out six separate questions that they wanted the GAO report to answer, one of which concerned how identity-protection services “evaluate and keep pace with evolving threats.”
Update 3:10pm CT, July 21: Added new information about FTC’s LifeLock case.
Photo via Quazie/Flickr (CC BY 2.0) | Remix by Jason Reed
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.