Skip to content

Cardin, Mikulski, Warner, Kaine Call for Stronger Protections for the Millions Affected by the Recent OPM Data Breaches

WASHINGTON – U.S. Senator Ben Cardin (D-Md.) with Senators Barbara A. Mikulski (D-Md.), Mark Warner (D-Va.) and Tim Kaine (D-Va.) have introduced legislation to better protect federal workers and all those potentially affected by the recent cyberattacks on the Office of Personnel Management (OPM) data system. Outraged by the expanse of the breach, the senators found the response by OPM to be severely lacking in the duration and extent of coverage for those who had their most sensitive information stolen off the government system.

The RECOVER Act (Reducing the Effects of the Cyberattack on OPM Victims Emergency Response Act of 2015) mandates expanded identity theft coverage for federal workers, contractors and other individuals affected, including lifetime coverage and not less than $5 million of identity theft insurance. This adjustment to what OPM has previously offered more adequately addresses the egregious nature of this federal cyberattack.

“Private-sector cyberhacks and cyberattacks have become too commonplace, but when the federal government’s own computer system shows its vulnerabilities to the world, we have a responsibility to protect the people who have been put at risk,” said Senator Cardin. “Off-the-shelf solutions are not good enough. We need to plug the holes in the federal network and make sure our workers, their families and all those who have been violated are held harmless from any damage that may be done.”

“The announcement that OPM’s data breach compromised the personal data of 21.5 million federal employees, retirees and their families is as outrageous and unacceptable as it is devastating,” said Senator Mikulski. “Each week OPM has come out with a new story with new facts. This erodes confidence going forward that the federal government will be able to protect federal employees whose personal data – social security numbers, dates of birth, fingerprints – has been stolen. I demand answers and assurances for them. And I demand a far more robust action plan for their protection. That’s what this bill is about.”

“I cannot overstate the national security implications of this breach, or the very real concerns of thousands of Virginians who have since learned that their personal information was put at risk,” Senator Warner said. “The RECOVER Act allows us to provide these individuals with reasonable protections and insurance coverage in the event of identity theft.”

“Today’s news that 21.5 million additional Americans were affected by one of the OPM breaches is a stark reminder of how far-reaching the impact is here,” said Senator Kaine. “The least we can do for the millions of past, current and prospective federal employees whose personal information has been exposed is provide them with the strongest protections available.”

There are more than 430,000 civilian federal employees in Maryland, Virginia and the District of Columbia. However, the universe of individuals in the region and nationwide affected by the data breach at OPM extends well beyond federal workers and includes contractors and family or other individuals who were required to be listed on sensitive security forms that were compromised. OPM estimates the combined total number affected by the two recent data breaches may be close to 25 million.

The RECOVER Act has been endorsed by the American Federation of Government Employees (AFGE, AFL-CIO), the American Foreign Service Association (AFSA), Federally Employed Women (FEW), the Federal Managers Association,  the International Association of Fire Fighters (IAFF), the National Active and Retired Federal Employees Association (NARFE), the National Association of Assistant United States Attorneys, the National Association of Postal Supervisors, the National Federation of Federal Employees (IAMAW, AFL-CIO), and the National Treasury Employees Union (NTEU).

The full text of the RECOVER Act follows:

Title: To require the Office of Personnel Management to provide complimentary, comprehensive identity protection coverage to all individuals whose personally identifiable information was compromised during recent data breaches at Federal agencies.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled.


This Act may be cited as the “Reducing the Effects of the Cyberattack on OPM Victims Emergency Response Act of 2015” or the “RECOVER Act”.


(a) Definition.—In this section, the term “affected individual” means any individual whose personally identifiable information was compromised during—

(1) the data breach of personnel records of current and former Federal employees, at a network maintained by the Department of the Interior, that was announced by the Office of Personnel Management on June 4, 2015; or

(2) the data breach of systems of the Office of Personnel Management containing information related to the background investigations of current, former, and prospective Federal employees, and of other individuals. 

(b) Identity Protection Coverage.—The Office of Personnel Management shall provide to each affected individual complimentary identity protection coverage that—

(1) is not less comprehensive than the complimentary identify protection coverage that the Office provided to affected individuals before the date of enactment of this Act;

(2) is effective for the remainder of the life of the individual; and

(3) includes not less than $5,000,000 in identity theft insurance.