The federal government may spend as much as $20 million on identity fraud protection for employees affected by the massive cyberattack on the Office of Personnel Management,
the National Journal reported.
As many as
4 million federal workers will be provided with 18 months of access to services to protect their identities. A contract has already been signed between OPM and Winvale Group, a government contractor that works with the cybersecurity company CSID, to provide the identity protection services.
Workers are getting the "CSID Protector Plus" package, which entitles them to credit monitoring; public-records and loan monitoring; a service that monitors whether personal information is being traded or sold; and $1 million in insurance coverage for damages in the event of fraud, the Journal reported.
"As far as the service package, this is the whole kit and caboodle," Patrick Hillmann, vice president of Levick, a PR firm that represents Winvale and CSID, told the Journal.
CSID informed the first batch of 20,000 people in the agency of their coverage on Monday and will continue to send notifications in the coming weeks.
OPM spokesman Sam Schumach said that while the agency agreed to pay over $20 million for the services, the total cost may ultimately be lower depending on actual consumption.
The Journal said that the hurried timing of the contract-awarding process suggests that the government did not have an existing agreement in place with Winvale or CSID before the hack: the government put out a request for services May 28 and awarded the contract the following week on June 2.
Nevertheless, more and more organizations have moved toward prearranged agreements in the event of a breach, said one expert.
"That's being driven, candidly, by all the breaches that have been such high-profile news items over the last year or year and a half," Eric Warbasse, senior director of financial services and breach response at LifeLock, told the Journal.
"We've seen demand for prenegotiated relationships really pick up over the last six to eight months."
The prearranged agreements allow identity-theft companies to get to know an organization before a crisis hits, while assessing potential vulnerabilities and determining pricing for post-breach services, the Journal said.
© 2025 Newsmax. All rights reserved.