OPM awards $42.3M for credit monitoring services following cybersecurity incident

Contract Overview

Contract Amount: $42,300,000 ($42.3M)

Contractor: Identity Theft Guard Solutions, Inc.

Awarding Agency: Office of Personnel Management

Start Date: 2018-11-30

End Date: 2020-03-18

Contract Duration: 474 days

Daily Burn Rate: $89.2K/day

Competition Type: FULL AND OPEN COMPETITION

Number of Offers Received: 1

Pricing Type: FIRM FIXED PRICE

Sector: Other

Official Description: AWARD OF OPM'S CREDIT MONITORING AND IDENTITY PROTECTION SERVICES FOR THE BACKGROUND INVESTIGATIONS CYBERSECURITY INCIDENT.

Place of Performance

Location: WASHINGTON, DISTRICT OF COLUMBIA County, DISTRICT OF COLUMBIA, 20415

State: District of Columbia Government Spending

Plain-Language Summary

Office of Personnel Management obligated $42.3 million to IDENTITY THEFT GUARD SOLUTIONS, INC. for work described as: AWARD OF OPM'S CREDIT MONITORING AND IDENTITY PROTECTION SERVICES FOR THE BACKGROUND INVESTIGATIONS CYBERSECURITY INCIDENT. Key points: 1. The contract aims to provide essential identity protection services to individuals affected by a significant cybersecurity breach. 2. The award was made under full and open competition, suggesting a competitive bidding process. 3. The fixed-price contract type helps to control costs and provides predictability for the government. 4. The duration of the contract is approximately 1.5 years, indicating a need for immediate and sustained support. 5. The services provided are critical for mitigating the impact of identity theft on affected individuals. 6. The contractor, Identity Theft Guard Solutions, Inc., is tasked with delivering these vital services.

Value Assessment

Rating: good

The award of $42.3 million for credit monitoring and identity protection services appears reasonable given the scale of the cybersecurity incident at OPM. While specific per-unit cost data is not provided, the total award reflects a significant investment in protecting a large number of individuals. Benchmarking against similar large-scale identity protection contracts would provide further insight into value for money, but the context of a major data breach often necessitates a robust and comprehensive solution.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

This contract was awarded through full and open competition, indicating that multiple vendors were likely invited to bid. The presence of a competitive process generally leads to better pricing and service offerings for the government. The specific number of bidders is not detailed, but the 'full and open' designation suggests a robust marketplace for these services.

Taxpayer Impact: A competitive award process helps ensure that taxpayer funds are used efficiently by driving down costs and encouraging high-quality service delivery.

Public Impact

Individuals affected by the OPM background investigations cybersecurity incident are the primary beneficiaries, receiving essential credit monitoring and identity protection. The services delivered include monitoring of credit reports, alerts for suspicious activity, and identity restoration assistance. The geographic impact is nationwide, as individuals affected by the breach reside across the United States. The contract supports the government's responsibility to protect citizens' personal information following a data breach.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

Potential for contractor to experience high demand, requiring robust service delivery infrastructure.
Ensuring the long-term effectiveness of identity protection services for affected individuals.
Managing the scope and duration of services in response to evolving identity theft threats.

Positive Signals

Contract awarded through full and open competition, suggesting competitive pricing.
Firm fixed-price contract type provides cost certainty for the government.
Services directly address a critical need arising from a significant cybersecurity incident.

Sector Analysis

The market for credit monitoring and identity protection services is substantial, driven by increasing cybersecurity threats and data breaches. This contract falls within the broader professional services sector, specifically focusing on information security and consumer protection. The size of this award indicates a significant event requiring a large-scale response, comparable to other major government or corporate data breach remediation efforts.

Small Business Impact

The provided data does not indicate any specific small business set-aside provisions for this contract. Given the nature and scale of the services required, it is possible that larger, specialized firms were better positioned to compete. Further analysis would be needed to determine if any subcontracting opportunities were made available to small businesses.

Oversight & Accountability

Oversight of this contract would typically fall under the Office of Personnel Management (OPM), the awarding agency. Accountability measures would be tied to the performance standards outlined in the contract, with potential for penalties if services are not delivered as specified. Transparency regarding the contract's execution and effectiveness would be important, especially given the public impact of the underlying cybersecurity incident.

Related Government Programs

Office of Personnel Management (OPM) Cybersecurity Incident Response
Federal Information Security Management Act (FISMA) Compliance
Identity Theft Protection Services
Background Investigation Services

Risk Flags

Data Breach Response
Identity Protection Services
Cybersecurity Incident

Frequently Asked Questions

What is this federal contract paying for?

Office of Personnel Management awarded $42.3 million to IDENTITY THEFT GUARD SOLUTIONS, INC.. AWARD OF OPM'S CREDIT MONITORING AND IDENTITY PROTECTION SERVICES FOR THE BACKGROUND INVESTIGATIONS CYBERSECURITY INCIDENT.

Who is the contractor on this award?

The obligated recipient is IDENTITY THEFT GUARD SOLUTIONS, INC..

Which agency awarded this contract?

Awarding agency: Office of Personnel Management (Office of Personnel Management).

What is the total obligated amount?

The obligated amount is $42.3 million.

What is the period of performance?

Start: 2018-11-30. End: 2020-03-18.

What was the specific nature of the cybersecurity incident that necessitated this contract?

The cybersecurity incident that led to this contract involved a breach of the Office of Personnel Management's (OPM) systems, specifically impacting data related to background investigations. This breach exposed sensitive personal information of a vast number of individuals, including current and former federal employees and applicants for federal positions. The compromised data potentially included personally identifiable information (PII) such as social security numbers, dates of birth, and other sensitive details, necessitating robust measures to protect affected individuals from identity theft and fraud.

How does the $42.3 million award compare to typical spending on credit monitoring services for federal data breaches?

The $42.3 million award for OPM's credit monitoring services is substantial and reflects the unprecedented scale of the data breach it addressed. While specific figures for every federal breach are not publicly aggregated, this award is significantly larger than many individual identity protection contracts. It is indicative of the extensive number of individuals affected and the comprehensive, long-term protection required. Comparable large-scale remediation efforts following major corporate breaches have also involved tens of millions of dollars, suggesting this award is in line with the magnitude of the OPM incident.

What are the key performance indicators (KPIs) or service level agreements (SLAs) associated with this contract?

While the specific KPIs and SLAs are not detailed in the provided data, contracts of this nature typically include stringent requirements for service delivery. Key performance indicators would likely focus on the timeliness of credit monitoring alerts, the availability and responsiveness of customer support for affected individuals, the accuracy of reported information, and the effectiveness of identity restoration services. Service level agreements would define response times for inquiries, uptime for online portals, and protocols for handling fraudulent activity. OPM would monitor these metrics to ensure the contractor is meeting its obligations.

What is the track record of Identity Theft Guard Solutions, Inc. in handling large-scale government contracts for identity protection?

Information regarding the specific track record of Identity Theft Guard Solutions, Inc. in handling large-scale government contracts for identity protection is not detailed in the provided data. However, their selection for this significant OPM contract suggests they possess the capabilities and experience deemed necessary by the agency to manage such a critical service. Further due diligence would involve reviewing past performance evaluations, contract history, and client references to fully assess their suitability and reliability for this role.

What are the potential risks associated with this contract, and how are they being mitigated?

Potential risks include the contractor's capacity to handle a massive influx of affected individuals, the long-term effectiveness of the monitoring services against evolving fraud tactics, and ensuring data privacy of the individuals whose information is being monitored. Mitigation strategies likely involve robust contract oversight by OPM, clearly defined performance standards and penalties, and potentially requiring the contractor to maintain specific security protocols for the data they handle. The firm fixed-price nature also mitigates financial risk for the government.

How does this contract align with broader federal efforts to enhance cybersecurity and protect citizen data?

This contract is a direct response to a significant federal cybersecurity failure and aligns with broader efforts by emphasizing the protection of citizen data post-breach. It underscores the importance of robust identity protection services as a critical component of incident response. While the contract addresses the aftermath, it also implicitly highlights the need for continuous improvement in federal cybersecurity defenses to prevent such breaches from occurring in the first place, aligning with initiatives like the Federal Information Security Modernization Act (FISMA).

Industry Classification

NAICS: Administrative and Support and Waste Management and Remediation Services › Business Support Services › Credit Bureaus

Product/Service Code: SUPPORT SVCS (PROF, ADMIN, MGMT) › MANAGEMENT SUPPORT SERVICES

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION

Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY

Offers Received: 1

Pricing Type: FIRM FIXED PRICE (J)

Evaluated Preference: NONE

Contractor Details

Address: 10300 SW GREENBURG RD STE 570, PORTLAND, OR, 97223

Business Categories: Category Business, Corporate Entity Not Tax Exempt, Not Designated a Small Business, Special Designations, U.S.-Owned Business

Financial Breakdown

Contract Ceiling: $42,300,000

Exercised Options: $42,300,000

Current Obligation: $42,300,000

Contract Characteristics

Commercial Item: COMMERCIAL ITEM

Parent Contract

Parent Award PIID: GS10FCA017

IDV Type: BPA

Timeline