Union to Seek Financial Compensation for Everyone Affected by OPM Hack

This story has been updated. 

A federal employee union is seeking to give every current and former federal employee affected by the hack of personal data maintained by the Office of Personnel Management financial compensation for the breach, the group said on Tuesday.

The American Federation of Government Employees, which announced the lawsuit Monday evening, said it would seek both damages and injunctive relief. The District Court for the District of Columbia at a to-be-determined date will consider a motion to certify all 4.2 million -- and possibly more -- affected employees and retirees as a class.

Citing the 1974 Privacy Act, AFGE’s attorneys said on a call with reporters the damages portion of the lawsuit will seek to compensate the former and current workers financially. The union will argue the employees suffered out-of-pocket losses in the form of replacing credit cards, closing accounts, additional credit monitoring on top of what OPM has provided and other steps individuals may have taken in response to the breach. AFGE did not offer a definitive amount of money it would seek, noting it still must assess damages and the total will be worked out in the discovery period.

Daniel Girard, of the California-based law firm Girard Gibbs LLP, which has experience litigating breaches such as the hack of information at Target and Anthem and which AFGE has contracted to pursue the suit, emphasized employees do not have to be victims of identity theft to demonstrate damages. 

Once personal information has been compromised, “our position is harm has occurred from that moment forward,” Girard said. He added, however, that the union has already received claims from members that false tax returns have been filed in their names and there have been attempts to open accounts in their names since the breach.

By also pursuing injunctive relief, AFGE is attempting to force OPM’s hand to take “remedial steps” to mitigate the impact of the breach. The union wants the court to force the human resources agency to increase its transparency on what it knows about the hack and to implement recommendations from various audit reports.

Specifically, AFGE wants OPM to: create centralized cybersecurity governance, institute a multi-layer authentication process, encrypt Social Security numbers and implement an internal authentication system.

AFGE National President J. David Cox said the lawsuit was “the only way to prompt OPM to act in the best way for those affected. “

If the court grants the class action, employees will not have to proactively sign up to join the class, Girard said. They would automatically be included in the class.

Financial compensation following the hack of a government agency is not without precedent; the Veterans Affairs Department agreed in a settlement to pay $20 million to military members after the names, dates of birth and Social Security numbers of 26.5 million active duty troops and veterans were stolen off a computer.  The National Labor Relations Board ruled earlier in 2015 the U.S. Postal Service violated labor laws by not at least negotiating with unions on the agency’s response to its employees’ data being compromised.

AFGE will also argue those affected by the hack have suffered “anxiety and emotional distress.” Asked how they plan to prove that claim, Cox said, “Come live with my wife, who is a federal employee, and I can demonstrate it.” He added AFGE’s phones have been ringing off the hook with questions and concerns about the breach, and the hack is “the topic of conversation from the time they get up to the time they go to bed at night.”

Girard said the pursuit of the injunctive relief was the best course of action, legally, to appease the emotional concerns of those affected.

AFGE has not joined the growing chorus of lawmakers calling on OPM Director Katherine Archuleta, who is a named as a defendant in the suit, to resign, and Cox declined to grade her performance in relation to the hack.

“There is room for improvement and that is one of the reasons we have filed this lawsuit,” Cox said. 

When asked for comment, OPM referred Government Executive to the Justice Department. Justice said it was "reviewing the complaint." 

(Image via Nata-Lia / Shutterstock.com)