U.S. Office of Personnel Management sued in data breach class action

Posted on: July 31st, 2015 by Steve Larson

Data SecurityA former U.S. attorney’s office employee filed a proposed class action in Kansas federal court accusing the federal Office of Personnel Management of allowing hackers to steal the personal information of millions of current, former and prospective federal employees by failing for years to address deficiencies in its security systems.  The plaintiff, Mary Woo, alleges in her complaint that the agency’s decentralized structure and refusal to address weaknesses identified through audits by its Office of Inspector General have resulted in numerous hacks, most notably two announced in quick succession this summer that compromised the personal information of at least 22.1 million people and led to Director Katherine Archuleta’s resignation.

The complaint also accused KeyPoint Government Solutions — the contractor tasked with handling most of the federal background checks managed by the OPM — of being incapable of protecting the data it collected and allowing OPM credentials to fall into the wrong hands.

Hackers are already taking advantage of the information they’ve stolen, mimicking OPM emails offering fraud protection in phishing attacks and reportedly selling OPM log-in credentials online, according to the complaint.

The case is Woo v. Office of Personnel Management et al, case number 6:15-cv-01220, in the U.S. District Court for the District of Kansas.