Rep. Dutch Ruppersberger (D-Md.) and Del. Eleanor Holmes Norton (D-DC) have proposed the Reducing the Effects of the Cyberattack on OPM Victims Emergency Response Act (RECOVER Act). This measure would extend the identity theft protection offered to victims of the 2015 OPM data breach to last for life. This bill would cover the more than 21 million current and former federal employees and contractors whose Social Security numbers were exposed as part of multiple data breached.
Under current law, federal employees who were impacted by data breaches can receive identity theft protection through 2026. Initially, OPM offered 3 years and up to $1 million in protection services, however, in 2015, Congress instructed the agency to extend the program to 10 years and up to $5 million in protection.
“The personal records stolen by hackers have no shelf life—so the identity theft protection offered to the victims shouldn’t either,” Ruppersberger said. “[Providing] these dedicated and hard-working men and women with a little well-deserved peace of mind is the least we can do.”
“There is no limit to the duration of when the compromised personally identifiable information can be used,” Norton said. “The federal government is responsible for the nerve-racking breaches and Congress has an obligation to make affected employees whole by passing our bill.”
Some, however, are not quite on board with OPM’s approach to protecting federal employees from identity theft. The Government Accountability Office concluded that insuring a person against identity theft to the tune of millions of dollars is “likely unnecessary” and may even distort identity theft insurance prices.
“This level of insurance coverage is likely unnecessary because claims paid rarely exceed a few thousand dollars,” GAO wrote. “Requirements such as this could serve to increase federal costs unnecessarily, mislead consumers about the benefit of such insurance coverage, and create an unwarranted escalation of coverage amounts in the marketplace.”
