Roughly three months after the public was informed that the federal government's Office of Personnel Management (OPM) had been breached by hackers, allowing the personally identifiable information of more than 20 million Americans to be stolen, the White House has announced it has awarded a contract to an outside company to offer the victims of the attack identity protection services.
The contract was awarded to ID Experts, the White House said in an announcement on Sept. 1, as reported by multiple news outlets, including CNN.
In June, it was reported that hackers had breached the OPM in a wide-scale cyber attack. The attack is believed to have taken place in December, and was not discovered by security personnel until April.
The Office of Personnel Management acts as a huge human resources department of sorts for all federal government employees and contractors, and is also responsible for processing background checks and security clearances for millions of workers with sensitive jobs and/or access to classified information.
U.S. officials have said they believe Chinese hackers were behind the cyber attack.
The services offered to victims in the new contract include three years of identity protection and monitoring, and up to $1 million in identity theft insurance. In addition, it extends the services to minor dependents of the victims, "because of the nature of the information that was stolen," officials said in a statement, according to CNN.
The information believed to be stolen in the breach includes the personnel records of current and former employees. Troublingly, it also includes extensive information about those employees' friends, relatives and other acquaintances they listed as references on their applications for security clearances for sensitive, classified jobs.
Previous services offered to the first 4 million victims believed to have been affected afforded them fewer services, with only 18 months of protection, and no protection for minor dependents. Some lawmakers criticized the previous contract for offering too little. When nearly 20 million further victims were identified, the new, expanded contract was drawn up and mulled over by lawmakers for weeks leading up to the Sept. 1 announcement.
The Washington Post reports that Defense Department staff members will begin notifying the millions of people whose information was stolen in the attack later this month. All victims will then be invited to sign up for the protection services.
So far, security officials have found no evidence that the Chinese or anyone else has tried to use the hacked data for negative purposes, according to the Post.