National Security

OPM Hack Costing $20 Million Just to Notify Employees

AP

It is costing the federal government $20 million just to notify the employees who had their personal information compromised after the biggest cyber attack in U.S. history.

Nextgov reports:

The Office of Personnel Management on May 28 issued a solicitation to identity theft protection companies, a week before disclosing a hack that exposed private information on millions of current and former federal employees.

The day after the breach was made public, OPM finalized a more than $20 million deal with Winvale Group to start notifying individuals "within 48 hours of award."

This would explain the lag between the time the intrusion was revealed June 4 and the notification on June 8.

OPM now says it's in the process of contacting approximately 4 million current and former federal employees whose personal information may have been exposed.

Curiously, though, the initial job order only specifies sending out 3.2 million notifications, including 1 million emails and 1.1 million letters.

The report noted that the emails would reveal exactly what personally identifiable information of the employee may have been compromised.

Aside from the notifications, the contract also will pay for "address research," a call center, credit monitoring services, and ID recovery services for employees who have their identities stolen.

Multiple Chinese state-sponsored hackers appear to be responsible for the cyber attack.