The Office of Personnel Management is so far behind the power curve after their recent breach that they have yet to notify the vast majority of people affected by the cyber attack ostensibly perpetrated by China. Currently there remains 21.5 million people still waiting to hear from OPM about their data leakage and the free three years of credit monitoring OPM will be offering (emphasis added):

“We remain fully committed to assisting the victims of these serious cybercrimes and to taking every step possible to prevent the theft of sensitive data in the future,” says Beth Cobert, who is serving as OPM’s acting director, following former director Katherine Archuleta resigning July 10, about one month after OPM first announced news of the data breach on June 4. “Millions of individuals, through no fault of their own, had their personal information stolen and we’re committed to standing by them, supporting them, and protecting them against further victimization. And as someone whose own information was stolen, I completely understand the concern and frustration people are feeling.”

Both OPM and the U.S. Department of Defense announced Sept. 1 that a $133 million contract has been awarded – by the U.S. General Services Administration, an independent agency that oversees about $500 billion in federal assets – to Identity Theft Guard Solutions, which does business as ID Experts. The company will offer prepaid credit monitoring, identity monitoring, identity theft insurance and identity restoration services to the 21.5 million affected individuals – as well as their dependent minor children who were under the age of 18 as of July 1, 2015 – for a three-year period.

The move to notify the 21.5 million individuals follows OPM already notifying 4.2 million victims of what the agency called a “separate but related” hack attack that compromised federal employees’ and contractors personnel records, which was first discovered in April, and which reportedly occurred in December 2014. The discovery of that incident led to the June 2015 discovery of the background-information theft, which reportedly began first with a May 2014 network intrusion, followed by attackers stealing massive amounts of data from July to August of that year. Many of the victims of the smaller breach were also victims of the background-investigation hack attack, OPM says.

Consider me one of the remaining 21.5 million who has yet to be notified.