Nation’s largest federal workers’ union sues over OPM breach

Jun 30, 2015

Gavel.jpgJust when it looked like the aftermath of the Office of Personnel Management data breach couldn’t get any worse, the largest U.S. federal workers union announced this week that it was suing the OPM, two of the agency’s top officials and an agency contractor.

The American Federation of Government Employees filed a lawsuit on June 29 against the OPM over the theft of employee personal information. In the suit, the AFGE claims that OPM director Katherine Archuleta and chief information officer Donna Seymour “repeatedly failed to comply with federal law and make the changes required by the OIG’s (Office of Inspector General) annual audit reports [on cyber security programs].”

The breach, which was first discovered earlier in June, affected more than 4 million employee files containing personal information including names and Social Security numbers, A database containing information on security clearances was also compromised during the breach, but officials are unsure how many records were exposed in that attack. The OPM uses a private company, KeyPoint Government Solutions, to perform background checks on candidates for security clearances. AFGE has named KeyPoint as a defendant in the class action lawsuit because Archuleta identified the source of the breach as being a misuse of a Keypoint user credential, according to the union.

Let the finger pointing begin
Despite being accused of oversight that caused the massive breach, KeyPoint is denying any wrongdoing. During a hearing of the House Committee on Oversight and Government Reform, KeyPoint president and CEO Eric Hess said that he had not seen any evidence suggesting the company was in any way responsible.

“There have been some recent media reports suggesting that the incursion into KeyPoint’s system last year is what facilitated the recently-announced OPM breach,” said Hess. “There is absolutely no evidence that KeyPoint was responsible for that breach.”

A jury trial was requested to settle the suit and AFGE asked the court to award actual and statutory damages to the plaintiffs in order to provide appropriate relief, though a specific dollar amount was not requested.

“AFGE will not sit idly by while OPM fails to comply with the most basic requests for information or provide an adequate response …” said a statement from AFGE President J. David Cox Sr., Secretary-Treasurer Eugene Hudson Jr., and Vice President for Women and Fair Practices Augusta Y. Thomas. “Since the agency is unwilling to provide adequate assistance, AFGE is taking unprecedented steps to gather more information for our members and hold the agency accountable.”

While the lawsuit is damning enough, it comes shortly after a letter signed by 18 members of the House of Representatives made its way to President Obama, calling for Archuleta and Seymour to be removed from their positions. Both women have come under fire recently for going against the recommendation of the Office of the Inspector General to shut down 11 of the OPM’s 47 computer networks because they were not properly secured. Archuleta has defended her decision, saying that shutting down that many networks would have created downtime that would cause employee paychecks and benefits to lapse.

Category: Cybersecurity