With at least 26 million current, retired and prospective federal employees and contractors affected by massive data breaches that exposed their personal information, politicians are grappling with how to protect them and how to pay for it.
"We're going to have a very high degree of energy in the delegation — Republicans and Democrats — trying to make sure the energy and focus are applied to solving this problem and ensuring that our information is safe," said Rep. Steny Hoyer, a Southern Maryland Democrat and House minority whip.
Federal workers and people seeking security clearances need to have "confidence that their information is not subject to being purloined," Hoyer said in a conference call with reporters Friday afternoon.
This spring, the federal Office of Personnel Management announced the discovery of two separate hacks that exposed private information.
The first, disclosed in April, involved personnel data for 4.2 million current and former federal employees. They've been notified and offered 18 months of credit monitoring and identify protection insurance. About 22 percent have taken up the government on that offer, said Sam Schumach, press secretary for the Office of Personnel Management.
The second data breach, announced in May, is much larger in scope, involving records of more than 21 million people who had background investigations completed, mainly current and former workers as well as nongovernment employees who sought security clearances. Some spouses and associates of those who were investigated also may have had some of their information exposed.
The Office of Personnel Management and other agencies are still working on hiring a contractor to notify those who are affected by the second breach. The government will offer credit monitoring, likely for three years, Schumach said. A website has been set up at opm.gov/cybersecurity and a call center is in the works.
Hoyer said he and other Washington-area members of Congress met recently with acting Personnel Management director Beth Cobert and Homeland Security Secretary Jeh Johnson to express frustration, "and in some cases, anger," about the breaches.
Hoyer acknowledged that people affected by the data breaches might need more than simple credit monitoring. Some have raised concerns that the sensitive information could be used to force federal workers to give up confidential information, compromising national security.
"I think we're going to have to look at all the threats to employees," Hoyer said, and protect them "as extensively as we possibly can."
Hoyer also suggested that credit monitoring for life might be necessary for some affected employees, not the short-term monitoring that's being offered.
There's no way to know yet what all that would cost, Hoyer said, so he supports an effort by U.S. Sen. Barbara A. Mikulski to ensure 10 years' worth of monitoring as a starting point.
That would buy the government some time to figure out whether it's prudent to extend monitoring further and what it would cost, Hoyer said. It's not clear yet whether Congress should issue a new appropriation to cover the costs, or whether each federal agency can absorb a portion, Hoyer said.
"Nobody anticipated this," Hoyer said. "It's not something you could budget for."
Mikulski, a Maryland Democrat who is retiring next year, successfully added a requirement for 10 years' of monitoring and $5 million worth of liability protection into a spending bill that was debated by the Appropriations Committee on Thursday.
Mikulski said in a statement that she hoped her requirement would give peace of mind to affected workers, retirees and contractors.
"Very sensitive information has been stolen — Social Security numbers, financial data, mental health status and work histories," Mikulski said. "It's as outrageous and unacceptable as it is devastating."
The committee did not, however, agree to Mikulski's proposal to give the Office of Personnel Management $37 million to speed up information technology upgrades.
The office doesn't comment on pending legislation, Schumach said.
But the American Federation of Government Employees — which represents 670,000 federal workers — applauded Mikulski's 10-year requirement for monitoring.
The measures will "significantly enhance" protections for affected workers, said J. David Cox Sr., the union's national president.
"AFGE continues to urge Congress to provide OPM with emergency funds to address the theft of personnel files so agencies are not forced to use funds appropriated for different purposes," Cox said in a statement.