Nearly 20K Hack Victims Have Signed Up for Payouts of Up to $10K From OPM Settlement

More than 19,000 current and former federal employees, contractors, federal job applicants and their family members have signed up to receive payouts from the government as part of a settlement agreement stemming from a 2015 breach of data maintained by the Office of Personnel Management. 

Those individuals are set to receive a minimum of $700 and up to $10,000 from the agreement if they can prove they were victims of the hack and incurred out-of-pocket expenses or lost compensable time. More than 22.1 million people were impacted by the breach, and have until Dec. 23 to file a claim for damages. The plaintiffs are part of a class action lawsuit that reached a $63 million settlement earlier this year with OPM and its contractor, now known as Peraton Risk Decision Inc. 

OPM disclosed two data breaches in 2015: one that exposed the personnel files of all current and former federal employees and another that released the personally identifiable information of all applicants for security clearances, as well as their families.

The U.S. District Court for the District of Columbia has preliminarily approved of the settlement, but will hold a hearing on it on Thursday before granting its final approval. Fourteen individuals have objected to the settlement, according to a new filing by Epiq, the firm overseeing the implementation of the agreement. Their objections will be heard at the hearing. An additional 225 victims made requests to be excluded from the settlement, which would enable them to pursue separate lawsuits against the government. 

OPM and Peraton, known as KeyPoint Government Solutions at the time of the hack, have denied any wrongdoing but still agreed to the settlement. The defendants have already agreed to pay the plaintiffs’ attorneys from Girard Sharp LLP $7 million in fees. Congress has mandated that OPM provide victims 10 years of credit monitoring and identity theft protections. The agency has signed two contracts with ID Experts to provide the services, the first worth $340 million and the second worth up to $416 million. 

In order to qualify for the payouts, hack victims must show they purchased their own credit monitoring or identity theft protection services, accessed a credit report or made efforts to mitigate an identity theft incident. Epiq, which said it expects more class members to file claims over the next two months, will review and audit all claims that it receives. Individuals must affirmatively make a claim to be eligible for monetary compensation, which they can do on OPMDataBreach.com. They are encouraged to provide documentation of their related expenses, for which they can be compensated up to $10,000. 

Epiq has provided notice to hack victims of the settlement and the steps for signing up. It has also overseen an advertising campaign to raise awareness of the agreement, suggesting it would make more than 700 million impressions through print, digital and social media ads.