President Barack Obama
Dear Mr. President,
In April of this year, the Office of Personnel Management became aware of a hack in their servers resulting in the loss of personally identifiable information for millions of current and former federal employees and those who completed or were referenced on SF-86 forms for government clearances. The Federal Workers Alliance (FWA), comprised of 19 unions representing over 300,000 federal workers, is writing to relay the deep concerns of our member Unions and their members concerning the failure of OPM to protect workers’ sensitive information and to demand answers concerning the scope, severity, and implications of this cyber security attack.
Federal employees trust their employers with their personal information, and, in turn, expect that their employer will faithfully protect the personal information they are required to disclose as a condition of employment. Unfortunately, this is not what has occurred. Workers deserve to know the truth about what has occurred, and they deserve to hear it directly from OPM. However, answers from OPM have been challenging, if not impossible, to come by, often excused under the premise of “ongoing investigations.” Federal workers deserve to be communicated with clearly, honestly, and promptly; a job at which, frankly, OPM and the CSID have failed.
The FWA wants to make sure that everything possible is done to mitigate the negative impact on those that have been exposed as a result of this breach. While certain measures are currently in place, OPM’s response has been lackluster at best. We believe that far more aggressive measures should be taken and that the federal government has an obligation to go above and beyond to assist federal employees as they are forced to navigate the countless actions they need to take as a result of OPM’s negligence. FWA recommends taking the following actions:
1. Offer lifetime credit monitoring for all federal employees, and extending service to spouses and children;
2. Provide retroactive loss coverage dating to Jan. 1, 2013 for losses incurred as a result of compromised PII;
3. Expand loss coverage from $1 million to $3 million, using emergency appropriations if necessary;
4. End the practice of using credit scores as sole basis for security decisions;
5. Provide CSID and other response staff training to handle all federal worker issues resulting from the breach;
6. Follow guidance provided by IG reports urging greatly-improved cybersecurity and information technology infrastructure upgrades, using emergency appropriations if necessary;
7. Immediately appoint a task force comprised of agency leadership, defense/intelligence experts, leading private sector information technology specialists and labor leaders (at a minimum the organizations having membership on the National Council of Federal Labor-Management Relations) with broad authority to compile a list of further recommendations and to develop an adequate communications system to notify the federal workforce and American public.
We hope that you will move quickly to adopt the following recommendations, and we look forward to working with OPM in this effort.