In the rush to award a $20 million contract for identity-theft protection services in the wake of a massive data breach, Office of Personnel Management contracting staff violated federal contracting rules, lost track of paperwork and failed to properly secure an independent cost estimate of the contract, according to a newly published review by the agency’s inspector general.
A summary of the IG’s findings was previously included in a memo to acting OPM Director Beth Cobert last month. However, the full report, dated Dec. 2 and posted online today, provides more detail about the shortcuts OPM contracting staff to award the contract.
OPM IG Patrick McFarland said his office was unable to determine whether the deficiencies were significant enough to affect the actual awarding of the contract. However, the missteps his office identified “increased the risk of making an improper award,” he wrote in the new review.
In addition, OPM contracting officials incorrectly used a blanket purchase agreement to award the contract “and millions of taxpayer dollars were put at risk for waste or loss,” his report concluded.
OPM officials first learned in April sensitive personnel data on some 4.2 million federal employees had been stolen by hackers in a series of cyberattacks on government systems. (A separate but related hack later revealed by the agency also netted background investigations forms on millions more employees.)
The agency’s chief information officer, Donna Seymour, determined the agency would need to offer credit monitoring and identity-theft services to protect hack victims and…