OPM Hit with $5M Data Breach Class Action Lawsuit

The U.S. Office of Personnel Management has been hit with a proposed $5 million data breach class action lawsuit filed by a former U.S. attorney’s office employee. Lead plaintiff Mary C. Woo of Kansas claims she was one of 22 million individuals who had her personal information stolen after a security breach she believes could have been avoided.

Woo worked for the federal government for 28 years and was subject to at least three background investigations based on her employment positions. As one of millions of Americans who had their personal information hacked, Woo alleges she and potential Class Members will continue to suffer from the data theft.

The OPM class action lawsuit alleges the data breach allowed hackers to obtain the private information of millions of potential, current and former federal employees. Some of the personal details stolen included: Social Security numbers, employment history, health backgrounds, criminal and financial history, and residential history.

Lead plaintiff Woo claims that the OPM, along with former director Katherine Archuleta and chief information officer Donna Seymour, violated the Privacy Act of 1974 as well as the Administrative Procedure Act. Woo also named defendant KeyPoint in the class action lawsuit, accusing the largest government contractor who performs employee clearances of negligence.

The OPM data breach lawsuit alleges that since 2007, the OPM has been aware of significant deficiencies in its cyber security. Lead plaintiff Woo claims that Seymour and Archuleta repeatedly failed to comply with safeguard changes required by audits performed by the Office of Inspector General.

Since the federal agency did not comply with mandated security changes, the OPM lawsuit accuses the defendant of failing to adhere to the Privacy Act which requires federal agencies to “establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.”

Woo claims she filed the OPM class action lawsuit after two separate cyber hacks left millions of Americans vulnerable to data theft. The plaintiff further alleges that prior to the data breach, OPM received 10 million confirmed intrusion attempts at its network over the course of an average month, yet did nothing to address the problems.

On June 4, 2015, the OPM admitted that its software system had been hacked and about 4 million current, former and potential federal employees’ personal information had been stolen.

Again on July 9, 2015, the OPM confirmed that a cybersecurity incident led to the personal information theft of 22.1 million individuals.

If approved, the OPM data breach class action lawsuit would be open to all Class Members who had their PII compromised as a result of the data breach announced by the OPM on June 4, 2015 and July 9, 2015.

Woo is represented by Norman E. Siegel, Barrett J. Vahle, and J. Austin Moore of Stueve Siegel Hanson LLP.

The OPM Data Breach Class Action Lawsuit is Woo v. Office of Personnel Management, et al, Case No. 6:15-cv-01220, in the U.S. District Court for the District of Kansas.