IDENTITY THEFT SERVICES: Services Offer Some Benefits but Are Limited in Preventing Fraud
GOVERNMENT ACCOUNTABILITY OFFICE WASHINGTON DC WASHINGTON DC United States
Pagination or Media Count:
Private-sector and government entities that experience data breaches often provide affected consumers with identity theft services, which typically include credit monitoring, identity monitoring, identity restoration, and identity theft insurance. In response to data breaches in 2015, OPM awarded two contracts obligating about 240 million for identity theft services. GAO was asked to examine issues related to identity theft services and their usefulness. This report examines, among other objectives, 1 the potential benefits and limitations of identity theft services, and 2 factors that affect government and private-sector decision-making about them. GAO reviewed products, studies, laws, regulations, and federal guidance and contracts, and interviewed federal agencies, consumer groups, industry stakeholders, and eight providers selected because they were large market participants. What GAO Recommends Congress should consider permitting agencies to determine the appropriate coverage level for identity theft insurance they offer after data breaches. OMB should analyze the effectiveness of identity theft services relative to alternatives, and should explore options to address duplication in federal agencies provision of these services. OPM should address in its breach-response policy when to offer these services and should document its decision-making process. OPM agreed with GAOs recommendations to the agency.
- Administration and Management