Federal government employees said this week they’ll appeal a judge’s decision that they can’t sue for damages from the 2015 Office of Personnel Management data breach.
U.S. District Judge Amy Berman Jackson ruled Tuesday that the employees couldn’t show the data stolen — including financial, health and other very personal data from some 22 million personnel files — has been used by the hackers.
But that decision didn’t sit well with the labor unions representing many government workers, who had filed a class-action lawsuit demanding the government do more to protect data in the first place, and to assist those who had their information stolen.
The National Treasury Employees Union filed a notice that it was appealing the ruling, while the American Federation of Government Employees National said it’s considering its next steps.
J. David Cox Sr., president of the AFGE, said Judge Jackson’s ruling took too narrow a view of the rights of victims of the data breach.
“OPM failed to keep our most private and sensitive information from getting into the hands of Chinese hackers. We are deeply disappointed by the judge’s ruling in favor of OPM,” said Mr. Cox in a press release Wednesday.
Security analysts have fingered Chinese hackers as the likely culprits of the hack, though China has denied this.
Analysts have struggled to find evidence of the data they stole being sold or used. Some government employees said they had experienced fraud, but Judge Jackson said the links between that fraud and the OPM hack were too tenuous to sustain a case.
“As for those plaintiffs who allege the they have already experienced an actual misuse of their credit card numbers or personal information, the cannot tie those disparate incidents to this breach,” she wrote in her opinion.
Since the hack, OPM revamped its cybersecurity protection with new tools, and enacted a two-factor authentication log in for employees in order to increase security.
It also created a position for a cyber security adviser to report directly to OPM’s director.
• Alex Swoyer can be reached at aswoyer@washingtontimes.com.
Please read our comment policy before commenting.