- Is Trump defiling the U.S. flag in this MAGA dude’s artwork? Sunday 4:41 PM
- White woman claims she invented sleep bonnets, selling them for $100 Sunday 4:03 PM
- Even real cats are transfixed by the enigma that is the ‘Cats’ trailer Sunday 3:04 PM
- Wait, how tall is Peppa Pig? Sunday 1:55 PM
- Twitter suspends Iranian state media outlets for harassing members of a religious minority Sunday 1:06 PM
- Pro-MAGA pageant queen stripped of title over ‘offensive’ tweets Sunday 11:52 AM
- Marvel unveiled its Phase 4 plans at San Diego Comic-Con Sunday 9:16 AM
- How a queer Instagram is helping fight the opioid epidemic in Appalachia Sunday 6:30 AM
- Philadelphia to fire 13 officers for racist, violent Facebook posts Saturday 6:12 PM
- Nick Offerman is so down to play every single role in ‘Cats’ Saturday 4:27 PM
- Woman documents how airport staff broke her wheelchair Saturday 3:04 PM
- Funeral home allegedly posted photos of woman’s dead body on social media Saturday 1:56 PM
- Alinity Divine is being investigated after throwing her cat during stream (updated) Saturday 12:04 PM
- ‘Comedians In Cars Getting Coffee’ returns with Seinfeld making a racist joke about China Saturday 10:26 AM
- YouTubers Eugenia Cooney and Shane Dawson make a joint comeback Saturday 9:06 AM
Congress wants to know how well identity-protection services really work
The OMP hack fallout continues.
The renewed push for improved digital safety follows a warning from federal employees that the government isn’t adequately protecting them after hackers stole their personnel files from its servers.
Members of the House Committee on Energy and Commerce, which oversees technology issues, wrote to the Government Accountability Office asking for “a review of credit monitoring and other post-breach identity theft services” and “recommendations to enhance consumer protection.”
The Office of Personnel Management has struggled to set up a system for providing identity protection to the 22 million federal employees whose records were compromised. When the first of two breaches was detected, OPM rushed to award a $20 million contract to identity-protection firm CSID to protect the victims of that breach. But the office hasn’t talked to CSID about protecting the victims of the second breach.
These contracting woes have exposed persistent flaws in how the government partners with private companies to provide services to its employees. The morass of issues surrounding federal contracts is nothing new, but the urgency of the need to protect OPM breach victims has added a new dimension to the decades-old issue.
OPM’s contract with CSID for the first breach only included 18 months of protection services. The four senators from Maryland and Virginia, where the majority of the victims live, have introduced a bill to require lifetime protection for federal cyberattack victims.
The House Commerce Committee’s letter cited several breaches of government systems that exposed federal employees’ personal information, and it noted that, in each of these cases, “questions have been raised … about the usefulness and adequacy of credit monitoring services in protecting victims’ credit following a breach.”
The letter also noted that other components of identity protection, including monitoring of suspicious Internet activity, have come under scrutiny. Major providers of these services have been scrutinized for possible false claims; LifeLock, one of the most famous providers, was forced to pay the FTC $12 million to settle false-claims charges. On Tuesday, the FTC announced that it would take further action in that case after LifeLock violated the terms of the settlement.
Committee members laid out six separate questions that they wanted the GAO report to answer, one of which concerned how identity-protection services “evaluate and keep pace with evolving threats.”
Update 3:10pm CT, July 21: Added new information about FTC’s LifeLock case.
Photo via Quazie/Flickr (CC BY 2.0) | Remix by Jason Reed
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.