The Democratic Senators from Maryland and Virginia are looking for answers and action from the Office of Personnel Management in the wake of a massive data breach involving personal identifiable information for millions of federal workers.
Maryland's Barbara A. Mikulski and Benjamin L. Cardin and Virginia's Tim Kaine and Mark Warner sent a letter to OPM Director Katherine Archuleta Friday, criticizing the agency for a lack of transparency surrounding the breach affecting executive branch workers and failing to properly encrypt Social Security numbers. “Sensitive information belonging to members of our nation’s federal workforce deserves the highest level of protection," they wrote. "Unfortunately, there has been a lack of clarity around the extent of the December 2014 breach and what information was accessed or acquired by the perpetrators of this cyber attack."
The senators said it was "unacceptable" that OPM discovered the breach in April and did not disclose it until June. All four senators represent the states adjacent to the District of Columbia, so many of their constituents work for the federal government and could be affected by the attack.
Though OPM originally estimated roughly 4 million workers were affected, recent media reports indicated that number could be much higher . When OPM first announced the breach, it indicated it would inform current and former workers who were affected over the next two weeks, and would provide those affected with an 18-month credit monitoring service and identity theft insurance.
But the senators wrote that OPM must take further action to remedy the situation. In their letter, they told Archuleta that the credit monitoring period needed to be "significantly longer" than 18 months. "Should the data be used for damaging purposes after the credit monitoring term has ended," they wrote, "federal workers must be assured that the appropriate safeguards will be in place to alert and protect them from financial harm.”
The senators also indicated that OPM has offered $1 million dollars in liability insurance to those affected, but wrote that amount "must be increased substantially." They also asked Archuleta to explain why Social Security numbers were not encrypted and provide regular updates on the investigation into the incident.
Earlier on Friday, Cardin held a forum in Baltimore at Social Security Administration headquarters to discuss the breach and a number of other issues.
“If OPM can be compromised in such a way as it was, we know we have a major problem," Cardin said at the event, detailed in a news release. "We will not sit back and accept this. We will work to protect you [federal workers] from any attacks associated with this data breach. Cybersecurity must be given the highest priority moving ahead. And I will make sure that it is."
The senators confirmed Friday that they also have a role to play in addressing the data breach. "For our part, we will continue to work here in Congress to provide more resources so that we can employ the latest and most up-to-date technology to secure these databases," they wrote.
Across the Capitol, the House is set to take up the security issue in the coming week. The House Oversight and Government Reform Coming will hold a hearing on OPM's data breach on Tuesday.
Related: Most Legislative Workers Likely Not Affected by OPM Hack Wyden Rips Plan to Attach ‘Surveillance’ Cybersecurity Bill to Defense Bill (Video) White House, Team Boehner Trade Barbs on Cybersecurity (Video) See photos, follies, HOH Hits and Misses and more at Roll Call's new video site. Get breaking news alerts and more from Roll Call in your inbox or on your iPhone.