WASHINGTON (PAI) – The nation’s largest federal workers union is suing its bosses – the federal Office of Personnel Management – over the huge personal data breach that resulted from a cyber attack on OPM’s computers. The cyber attack exposed confidential data, everything from medical records to Social Security numbers to security clearances, of between four million and 18 million present and former workers.
The suit by workers Robert Crawford and Adam Dale, and their union, the American Federation of Government Employees (AFGE) says OPM leaders “failed to heed warnings, obey security policies and are liable for one of the largest data breaches in U.S. history.”
OPM revealed, reluctantly, that at least four million present and former federal workers had all their records hacked. Investigations show numerous holes in the government’s protection against cyber attacks, including its reliance on private contractors to carry out the work.
After filing the class-action suit, AFGE President J. David Cox, Secretary-Treasurer Eugene Hudson and Vice President for Women and Fair Practices Augusta Y. Thomas said that the union “will not sit idly by while OPM fails to comply with the most basic requests for information or provide an adequate response.
“Even after this historic security breach, OPM has continued to use poor data security practices and inferior private-sector strategies to solve its security woes,” they added.
“Since 2007, officials at OPM have been alerted to their lackluster data security policies and protocols and failed to take appropriate steps to safeguard the information. Although they were forewarned about the potential catastrophe that government employees faced, OPM’s data security got worse rather than better.
“Despite putting government employees and their loved ones at significant personal and financial risk, OPM has failed to reveal the full scope of who was specifically impacted by the data breach and the extent of the information taken. Additionally, the credit monitoring services that OPM provided have not only fallen short, but actually created more potential security risks for employees.”
The union also said OPM refuses to detail how big the breach is and who was hacked, so it filed the suit to get that information. Meanwhile, it’s asking its own members to come forward with evidence that they’ve been hacked.
The union filed its case on June 29 in U.S. District Court in D.C. No date has been set for a hearing yet.