Udall, Heinrich Urge OPM to Minimize Impact of Data Breach on Federal Employees, Improve Security Controls

WASHINGTON, D.C.Today, U.S. Senators Tom Udall and Martin Heinrich strongly urged the U.S. Office of Personnel Management (OPM) to take steps to minimize harm to federal employees in New Mexico and across the country who were affected by the recent data breach that resulted in the theft of millions of employees' personal information. In a letter to the OPM director, the senators expressed their disappointment with the data breach and called on OPM to take specific actions to improve security controls and prevent cyber theft.

In June, OPM warned that millions of current and former federal employees' personal information may have been compromised by a security breach. The senators said in their letter that the breach has raised major concerns, particularly among the 27,000 federal workers in New Mexico. 

"Federal employees entrust their personal and sensitive information to the federal government with the expectation that their information is secure and protected," the senators wrote to OPM Director Katherine Archuleta. "Ensuring that the private information of federal employees is safe from cyber theft and hackers is the minimum level of protection we must provide."

The senators continued, "We are aware that your agency has offered some services, including credit monitoring and credit report access, to employees who may be at risk of fraud or identity theft. However, we would also like to know what, if any, additional steps are being taken to protect these individuals, what recourse may be available to them if they suffer losses due to breach, and how many federal employees in New Mexico may have been directly impacted by the breach." 

Udall, then chairman of the Senate Appropriations Subcommittee on Financial Services and General Government, spoke at a hearing last year about the need for federal information and cyber security reform. In the letter, the senators said that this latest incident highlights the need for further improvements to OPM's security controls to prevent future security breaches and safeguard government employees' sensitive and personal information. 

As a member of the U.S. Senate Select Committee on Intelligence, Heinrich has worked to protect the country from cyber security threats and continues to support measures to bolster national security in the digital age.

The full text of the letter is available below and HERE.  

June 24, 2015

Ms. Katherine Archuleta

Director

United States Office of Personnel Management

1900 E Street, N.W.

Washington, D.C. 20415 


Dear Director Archuleta:

We write to express our serious concerns regarding the recent network intrusions at the Office of Personnel Management (OPM), which resulted in the theft of millions of federal employees’ personal information.  We strongly urge you to take immediate action to minimize the impact of this breach on affected employees and to prevent further breaches. 

Federal employees entrust their personal and sensitive information to the federal government with the expectation that their information is secure and protected. Ensuring that the private information of federal employees is safe from cyber theft and hackers is the minimum level of protection we must provide. 

We understand that OPM will soon finish notifying millions of individuals whose personally identifiable information may have been stolen as part of the intrusion. This security breach has raised significant concerns, especially among the roughly 27,000 federal workers in New Mexico.  We are gravely concerned that sensitive information obtained as part of federally conducted background investigations may have been compromised. We are aware that your agency has offered some services, including credit monitoring and credit report access, to employees who may be at risk of fraud or identity theft. However, we would also like to know what, if any, additional steps are being taken to protect these individuals, what recourse may be available to them if they suffer losses due to breach, and how many federal employees in New Mexico may have been directly impacted by the breach. 

As the former Chairman of the Subcommittee on Financial Services and General Government, Senator Udall spoke at a hearing he held last year about the need for federal information and cybersecurity reform.  This incident highlights the urgent need to push through reforms that we have advocated for to strengthen federal cybersecurity.  Unfortunately, it is clear that not enough was done to safeguard the sensitive and personal information of government employees at that time.  It is our understanding that OPM has since adopted tougher security controls.  We strongly urge you to continue your work to improve security controls and would like to know what specific actions have been taken to address future cyber theft threats to the personal information of federal employees.

We await your response regarding this very serious matter affecting millions of federal employees and thousands of our constituents.  OPM must take every action within its power to ensure that harm to affected employees is minimized and to prevent further breaches from occurring in the future.  Please direct any questions to Sabrina De Santiago in Senator Udall’s office at Sabrina_DeSantiago@tomudall.senate.gov and Elizabeth Hill in Senator Heinrich’s office at Elizabeth_Hill@heinrich.senate.gov

Sincerely,

Tom Udall

United States Senator

Martin Heinrich

United States Senator