nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Slain: Unions' US OPM mega-hack lawsuit against Uncle Sam

You have to get shafted before you can sue, says court

By Iain Thomson, 21 Sep 2017

A lawsuit brought against the hacker-ransacked Office of Personnel Management on behalf of US federal employees has been killed.

On Wednesday, Judge Amy Berman Jackson ruled in a District of Columbia court that the case, brought by the American Federation of Government Employees and the National Treasury Employees Union, could not go ahead. The two unions represent a combined total of roughly 850,000 federal workers.

The legal challenge was brought against Uncle Sam under the Privacy Act, and the judge said the plaintiffs couldn’t demonstrate they had suffered harm.

The unions had been asking for financial compensation after a catalogue of failures by the OPM’s IT staff left the agency’s servers wide open to attack. fingerprints, national security clearance dossiers and other highly sensitive personal information on 22 million people were obtained by hackers unknown – but believed to be part of a Chinese state-sponsored hacking team.

US govt now says 21.5 million people exposed by OPM hack – here's what you need to know

READ MORE

“The judge’s unfortunate decision to dismiss AFGE’s case reflects an unduly narrow view of the rights of data breach victims,” said the AFGE in a statement yesterday.

“OPM failed to keep our most private and sensitive information from getting into the hands of Chinese hackers. We are deeply disappointed by the judge’s ruling in favor of OPM.”

If the OPM data really was stolen by those working for the Chinese government, then the affected employees may never be able to sue. The stolen information, which included background checks for security clearance information, is most likely going to be used for spying rather than profit.

“NTEU strongly disagrees with the district judge’s ruling that our members were not sufficiently harmed by the OPM data breaches to show legal standing to bring the case to court,” said NTEU national president Tony Reardon, adding that the union would be appealing the verdict.

“We will make our case there that NTEU members were harmed by the breaches and that OPM’s indifference to securing its databases in the years leading up to the breaches violated NTEU members’ constitutional right to informational privacy.”

While the Feds think it has caught a Chinese coder responsible for the malware used against the OPM, it’s still no closer to finding the hackers themselves. The same group is thought to be behind an extensive hacking of United Airlines. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing