Nearly two weeks after announcing that more than 21.5 million people had their information hacked from government servers, the Obama administration is moving to hire a contractor to notify and provide identity-fraud-protection services to affected individuals.
But it won't be until at least mid-August until one is hired.
The Office of Personnel Management, which was hit last year by a massive hack that officials have privately linked to China, is working with the Defense Department to find a contractor to notify the affected individuals and provide them with identity-fraud-protection services, according to an OPM spokesperson.
CSID, the contractor that provided those services to the 4.2 million employees affected by the smaller data breach announced in June and was heavily criticized for how it handled the process, will face competition for the new contract from LifeLock and other large fraud-protection services. They will be vying to provide services at a scale five times the previous breach—21.5 million individuals will need to be notified and protected.
OPM has promised at least three years of credit-monitoring and identity-theft protection to the affected people.
In the first formal step toward securing a contractor, the General Services Administration on Thursday put out a request for information, notifying potential contractors about the scope of work the government will expect and soliciting information from the interested companies.