OPM hit by $1 billion class-action suit following personnel hack

The nation’s largest federal employee union is suing the Office of Personnel Management for $1 billion.

On June 4, the Obama administration announced that hackers gained access to the personal information of about four million current and former federal employees in April. (That number has since gone up to as high as 32 million.)

In addition to a gamut of personal employee information, the hackers, who may (or may not) have been affiliated with the Chinese government, also stole FBI files.

Things are going from bad to worse for the OPM.

Now the American Federation of Government Employees has filed suit in the U.S. District Court of the District of Columbia.

AFGE’s suit names the OPM, the office’s director Katherine Archuleta, and Chief Information Officer Donna Seymour, as well as a government security contractor, KeyPoint Government Solutions. It “alleges that negligence by federal officials contributed to the cybertheft of private information on up to 18 million current and former employees or contractors,” according to the complaint.

The suit is asking for class-action designation. The benefits of such a status, according to FindLaw, are efficiency, lowering the cost of litigation, and assuring that everyone covered receives a settlement—should the attorneys prosecuting it win their case. The AFGE is being represented by class-action specialists Girard Gibbs LLP.

The charges in the suit focus on the “OPM’s weak cyber security measures,” which include the accusation that “the OPM failed to continuously monitor the security controls of all of its software systems, finding that only 37 of 47 software systems were adequately tested for security issues in 2014,” and that it had been “over eight years since all [software] systems were subject to an adequate security controls test” and that “the OPM lacked a centralized cyber security team responsible for overseeing all of the OPM’s cyber security efforts, creating many instances of non-compliance with (Federal Information Security Management Act) requirements.”

On its blog, the union said, “AFGE will not sit idly by while OPM fails to comply with the most basic requests for information or provide an adequate response. Even after this historic security breach, OPM has continued to use poor data security practices and inferior private-sector strategies to solve its security woes.”

Illustration via Max Fleishman

Curt Hopkins

Curt Hopkins has over two decades of experience as a journalist, editorial strategist, and social media manager. His work has been published by Ars Technica, Reuters, Los Angeles Times, and San Francisco Chronicle. He is also the founding director of the Committee to Protect Bloggers, the first organization devoted to global free speech rights for bloggers.