US House Intros Lifetime Credit Monitoring Bill in Wake of OPM Breach

Written by

In the wake of the federal government’s admission that the personnel records of 22.1 million Americans have been compromised, a proposed bill aims to get justice for all by ensuring lifetime fraud protection, instead of the standard one to two years of credit monitoring services.

The Office of Personnel Management has finally revealed the total number of current and former US officials and their friends and family affected by two major data breaches thought to have been carried out by China. Highly sensitive background-check data on 21.5 million individuals has been stolen in a breach discovered in early June, in addition to the previously disclosed breach of 4.2 million records discovered in April. However, because there’s some duplication, the total number affected is thought to be 22.1 million people.

Del. Eleanor Holmes Norton (D-D.C.) and eight Democrats from Maryland and Virginia—which both have a heavy concentration of federal employees—have now introduced the Recover Act. In addition to lifetime identity theft monitoring, the bill would mandate that victims are insured for losses of up to $5 million.

The OPM is, for now, offering breach victims between 18 months and three years of monitoring services, with insurance for up to $1 million in fraud damages.

“OPM's offer of limited credit monitoring and identity theft protection coverage fails to recognize that the hackers could outwait the OPM's proposed period of credit monitoring and very limited loss coverage,” Norton said in introducing the bill.

She added, “Much of the OPM data is lifetime and permanent background information that cannot be changed like a credit-card number. We cannot make up for the angst this breach has caused our federal employees, but our bill shows we can and should do much better than OPM's stingy proposal."

A similar measure has been introduced in the Senate.

“Unfortunately, as a result of this epic security fail, millions of Americans will be forced to look over their shoulders for the rest of their lives,” said IDT911’s chairman and founder, and the former director of NJ Division of Consumer Affairs, Adam Levin, in an email. “There is no zero-liability protection available to victims of this type of exposure when information as sensitive as Social Security numbers and fingerprints are involved. Lifetime credit and identity monitoring will only be meaningful if comprehensive identity protection and resolution services are part of the package. Detecting identity theft issues as quickly as possible is extremely valuable but having a professional get you through this life-altering crime is priceless.”

What’s hot on Infosecurity Magazine?