OPM's $340M data breach recovery contract awarded to Identity Theft Guard Solutions, Inc. for credit bureau services

Contract Overview

Contract Amount: $340,055,995 ($340.1M)

Contractor: Identity Theft Guard Solutions, Inc.

Awarding Agency: Office of Personnel Management

Start Date: 2015-09-01

End Date: 2020-03-10

Contract Duration: 1,652 days

Daily Burn Rate: $205.8K/day

Competition Type: FULL AND OPEN COMPETITION

Number of Offers Received: 5

Pricing Type: FIRM FIXED PRICE

Sector: Other

Official Description: IGF::OT::IGF DATA BREACH RECOVERY SERVICES

Place of Performance

Location: PORTLAND, WASHINGTON County, OREGON, 97223

State: Oregon Government Spending

Plain-Language Summary

Office of Personnel Management obligated $340.1 million to IDENTITY THEFT GUARD SOLUTIONS, INC. for work described as: IGF::OT::IGF DATA BREACH RECOVERY SERVICES Key points: 1. The contract's value represents a significant investment in addressing identity theft following a data breach. 2. Full and open competition was utilized, suggesting a potentially competitive bidding process. 3. The fixed-price contract type aims to control costs for the government. 4. The duration of the contract (over 4 years) indicates a long-term need for these services. 5. The services provided fall under credit bureaus, a critical component of identity protection. 6. The award amount is substantial, necessitating careful scrutiny of value for money.

Value Assessment

Rating: fair

Benchmarking the value of this contract is challenging without specific service metrics and comparable breach recovery costs. However, the total award of over $340 million for identity theft protection services following a major data breach suggests a significant investment. The firm fixed-price nature of the contract provides cost certainty, but the overall value depends on the effectiveness of the recovery services provided and the number of individuals impacted by the breach. Further analysis would require understanding the per-incident cost or the number of beneficiaries served.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

The contract was awarded under full and open competition, indicating that all responsible sources were permitted to submit bids. With 5 bidders participating, this suggests a reasonable level of competition. The presence of multiple bidders generally supports price discovery and can lead to more favorable pricing for the government compared to sole-source or limited competition scenarios. The specific details of the bidding process and the evaluation criteria would provide further insight into the competitiveness.

Taxpayer Impact: A competitive bidding process helps ensure that taxpayer funds are used efficiently by driving down costs and encouraging providers to offer the best possible services at a reasonable price.

Public Impact

Federal employees and individuals affected by the OPM data breach are the primary beneficiaries, receiving services to protect their identities. The services delivered include credit monitoring, identity theft protection, and potentially fraud resolution assistance. The geographic impact is nationwide, as individuals affected by the breach reside across the United States. The contract supports a specialized segment of the cybersecurity and identity protection services industry.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

Potential for cost overruns if the scope of services expands beyond initial estimates.
Effectiveness of recovery services in mitigating actual identity theft incidents.
Long-term implications of data breaches on individuals' privacy and financial security.
Dependence on a single contractor for critical post-breach support.

Positive Signals

Awarded under full and open competition, indicating a robust selection process.
Firm fixed-price contract provides cost certainty for the government.
Services directly address the critical need for identity protection following a significant data breach.
Contract duration suggests a commitment to providing sustained support to affected individuals.

Sector Analysis

The contract falls within the broader IT services sector, specifically focusing on cybersecurity and identity protection. The market for data breach recovery and credit monitoring services has grown significantly due to increasing cyber threats. This contract represents a substantial government expenditure in this area, likely benchmarked against other large-scale identity protection contracts awarded by federal agencies or large private sector organizations facing similar data security incidents.

Small Business Impact

The provided data does not indicate any specific small business set-aside provisions for this contract. Given the scale and nature of the services, it is possible that larger, specialized firms were the primary bidders. Further investigation would be needed to determine if any subcontracting opportunities were mandated or utilized for small businesses within the scope of this award.

Oversight & Accountability

Oversight of this contract would typically fall under the Office of Personnel Management (OPM), the contracting agency. Accountability measures would be defined in the contract's terms and conditions, including performance standards and reporting requirements. Transparency is generally facilitated through contract award databases, though specific performance metrics and detailed spending breakdowns may not always be publicly available. The Inspector General's office for OPM would likely have jurisdiction for audits and investigations related to this contract.

Related Government Programs

Federal Employee Benefits
Cybersecurity Services
Identity Theft Protection
Credit Reporting Services
Data Breach Response

Risk Flags

Significant contract value requires thorough performance monitoring.
Effectiveness of services in mitigating actual identity theft is critical.
Long-term implications of data breach on individuals' privacy.
Dependence on contractor's cybersecurity posture.

Frequently Asked Questions

What is this federal contract paying for?

Office of Personnel Management awarded $340.1 million to IDENTITY THEFT GUARD SOLUTIONS, INC.. IGF::OT::IGF DATA BREACH RECOVERY SERVICES

Who is the contractor on this award?

The obligated recipient is IDENTITY THEFT GUARD SOLUTIONS, INC..

Which agency awarded this contract?

Awarding agency: Office of Personnel Management (Office of Personnel Management).

What is the total obligated amount?

The obligated amount is $340.1 million.

What is the period of performance?

Start: 2015-09-01. End: 2020-03-10.

What was the specific nature and scale of the OPM data breach that necessitated this contract?

The OPM data breach, disclosed in 2015, was one of the largest in U.S. government history. It involved the theft of sensitive personal information, including security clearance records, for an estimated 21.5 million individuals, encompassing current and former federal employees, applicants, and their family members. The compromised data included names, social security numbers, dates of birth, addresses, and other personally identifiable information (PII), creating a significant risk of identity theft and espionage.

How does the per-beneficiary cost of this contract compare to industry standards for identity theft protection services?

Determining the precise per-beneficiary cost is complex without knowing the exact number of individuals ultimately served and the specific services utilized by each. The total award of $340 million over approximately 4.5 years averages to roughly $75 million per year. If we assume a significant portion of the 21.5 million affected individuals enrolled, the per-person annual cost could range from a few dollars to over ten dollars, depending on the service package. This range is generally in line with or slightly higher than standard consumer-level credit monitoring services, but potentially lower than specialized enterprise-level breach response services, reflecting the scale and urgency.

What were the key performance indicators (KPIs) used to evaluate the contractor's success in providing data breach recovery services?

While specific KPIs are not detailed in the public award data, typical performance indicators for such contracts would likely include metrics related to the speed of enrollment and service activation for affected individuals, the effectiveness of fraud detection and prevention, the resolution rate of reported identity theft incidents, customer satisfaction scores, and the overall reduction in confirmed cases of identity theft among beneficiaries. Compliance with data privacy regulations and reporting requirements would also be critical.

What is the track record of Identity Theft Guard Solutions, Inc. in handling large-scale government data breach recovery efforts?

Identity Theft Guard Solutions, Inc. (now part of Intermex) has experience in providing identity protection services. While this OPM contract was a significant award, their broader track record would need to be assessed by examining past performance on similar government or large corporate contracts. Information regarding their capacity, past performance evaluations, and any history of issues or successes in managing large-scale data breach responses would be crucial for a comprehensive assessment of their capabilities.

How has OPM's spending on data breach response and identity protection evolved before and after this contract?

Historical spending data for OPM on data breach response and identity protection prior to this $340 million contract would be necessary for a comparative analysis. It is highly probable that spending significantly increased following the 2015 breach due to the immediate need for recovery services. Subsequent spending patterns would depend on ongoing risks, evolving cybersecurity measures, and the long-term management of sensitive data. Analyzing trends would reveal whether this contract represented a one-time surge or a sustained increase in this category of expenditure.

What are the potential risks associated with relying on a single contractor for such a critical and sensitive service?

The primary risks of relying on a single contractor include potential service disruptions if the contractor faces financial difficulties, operational issues, or security breaches themselves. There's also a risk of reduced innovation and potentially less competitive pricing in future renewals. Furthermore, if the contractor's performance is subpar, affected individuals may not receive adequate protection, leading to prolonged harm and reputational damage for the government agency. Ensuring robust contract management and contingency planning is vital to mitigate these risks.

Industry Classification

NAICS: Administrative and Support and Waste Management and Remediation Services › Business Support Services › Credit Bureaus

Product/Service Code: SUPPORT SVCS (PROF, ADMIN, MGMT) › ADMINISTRATIVE SUPPORT SERVICES

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION

Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY

Offers Received: 5

Pricing Type: FIRM FIXED PRICE (J)

Evaluated Preference: NONE

Contractor Details

Address: 10300 SW GREENBURG RD STE 570, PORTLAND, OR, 97223

Business Categories: Category Business, Corporate Entity Not Tax Exempt, Not Designated a Small Business, Special Designations, U.S.-Owned Business

Financial Breakdown

Contract Ceiling: $340,055,995

Exercised Options: $340,055,995

Current Obligation: $340,055,995

Contract Characteristics

Commercial Item: COMMERCIAL ITEM

Cost or Pricing Data: NO

Parent Contract

Parent Award PIID: GS10FCA017

IDV Type: BPA

Timeline