Federal Employees’ Lawsuit Reinstated for Data Breach of Personal Information

June 25, 2019 by Tom Ramstack
District of Columbia Court of Appeals. (Photo by Dan McCue)

WASHINGTON – Federal employees will get their day in court after the D.C. Circuit Court of Appeals ruled last week that their lawsuit over an Office of Personnel Management data breach can be reinstated.

A trial court dismissed the lawsuit accusing OPM of negligence for allowing hackers in 2014 to breach the agency’s computer network, exposing sensitive information of 21.5 million people. The hack was believed to have been espionage by China.

The hacked information included Social Security numbers, birth dates, addresses and fingerprint records of employees and applicants to the federal government. OPM is the government’s main human resources agency.

A court in 2017 consolidated the ensuing lawsuits into two claims by the National Treasury Employees Union and the American Federation of Government Employees, who claim violations of the Privacy Act and the constitutional rights of their members.

A federal district court judge in Washington then said the labor unions lacked standing to sue and could not overcome the government’s immunity from liability.

However, the D.C. Circuit Court of Appeals disagreed, saying the evidence already showed some of the plaintiffs were subjected to fraud because of the data breach. It included identity theft, such as credit cards being opened and fraudulent tax returns in the victims’ names, according to the lawsuit.

Other victims are at a higher risk of identity theft, meaning they have enough of an injury to prove they have a good reason for a lawsuit, the appellate court ruled.

“There is no question that the OPM hackers … now have in their possession all the information needed to steal [plaintiffs’] identities,” the court’s ruling says. “It hardly takes a criminal mastermind to imagine how such information could be used to commit identity theft.”

The “plaintiffs have plausibly alleged a substantial risk of future identity theft that is fairly traceable to OPM’s … cybersecurity failings and likely redressable, at least in part, by damages,” the appellate court’s ruling says.

The appeals court added that the district court erred by finding the Privacy Act gives the government immunity from lawsuits despite the fact OPM was warned about data breaches before the 2014 attack.

Part of the evidence for negligence was based on past OPM inspector general reports that found failings in the agency’s computer security. The court said security remains lax.

“The complaint’s plausible allegations that OPM decided to continue operating in the face of those repeated and forceful warnings, without implementing even the basic steps needed to minimize the risk of a significant data breach, is precisely the type of willful failure to establish appropriate safeguards that makes out a claim under the Privacy Act,” the ruling says.

Also named as a defendant in the lawsuit was KeyPoint Government Solutions, a contractor that assisted with background checks and security clearance investigations on government employees and applicants.

The contractor had access to OPM’s computer databases. The hackers used KeyPoint’s credentials to breach the databases.

The appeals court also criticized the lower court for relying on information from Defense Department officials who speculated the Chinese government sponsored the computer breach.

The lower court reasoned that foreign government espionage was not likely to create a risk of identity thieves stealing money through bogus tax returns or credit card purchases.

The appellate court again disagreed, writing, “As an initial matter, the district court should not have relied, even in part, on its own surmise that the Chinese government perpetrated these attacks.”

The case is AFGE, NTEU v. Office of Personnel Management, U.S. Ct. App. for D.C., No. 17-5217, June 21, 2019.

Litigation

Census Bureau Reverses Course on Layoffs After Court Order
Census
Census Bureau Reverses Course on Layoffs After Court Order
September 8, 2020
by Dan McCue

The Census Bureau told a federal judge on Tuesday that it will delay laying off some census takers and will restore quality-control measures it had already begun winding down as the end of the once-a-decade population count nears its end. The notice, in a court filing,... Read More

Tech Giants Try to Dismiss Lawsuit Accusing Them of Child Labor Violation
Litigation
Tech Giants Try to Dismiss Lawsuit Accusing Them of Child Labor Violation
August 27, 2020
by Tom Ramstack

WASHINGTON -- Some of America’s technology giants are trying to get a federal judge to dismiss a lawsuit accusing them of promoting the use of children to mine cobalt for their lithium-ion batteries. Apple, Google, Microsoft, Dell and Tesla said in their motion to dismiss this... Read More

Trump Campaign Lawsuit Over Ballot Drop Boxes is Placed on Hold
Litigation
Trump Campaign Lawsuit Over Ballot Drop Boxes is Placed on Hold

A lawsuit by President Donald Trump’s campaign seeking to block Pennsylvania counties from using drop boxes to collect mail-in ballots was put on hold Sunday by a federal judge who said state courts should have a chance to decide the matter first. U.S. District Judge J.... Read More

Voter Lawsuit Aims to Block Mask Mandate at Minnesota Polling Places
Litigation
Voter Lawsuit Aims to Block Mask Mandate at Minnesota Polling Places

MINNEAPOLIS — A group of voters backed by Republican legislators sued Gov. Tim Walz and other state and local officials Tuesday in federal court, aiming to block a face mask requirement at polling places. Members of the Minnesota Voters Alliance and GOP lawmakers contend Walz’s mask... Read More

2020 Election Will Be Most Litigated in US History
Political News
2020 Election Will Be Most Litigated in US History

The 2020 election between President Donald Trump and Joe Biden is shaping up to be the most litigated in U.S. history, as changes to balloting prompted by the coronavirus pandemic spur lawsuits that could leave the outcome in suspense for days or even weeks. A recent... Read More

Trump Administration Walks Back Rule on Foreign Students
Education
Trump Administration Walks Back Rule on Foreign Students
July 14, 2020
by Dan McCue

WASHINGTON - The Trump administration has rescinded a rule that would have required international students to transfer or leave the country if their schools held classes entirely online because of the pandemic. The decision was announced at the start of a hearing in a federal lawsuit... Read More

News From The Well
scroll top