Members periodically inquire about why NTEU is suing the U.S. Office of Personnel Management over the massive data breach, thought to be perpetrated by Chinese hackers. The lawsuit was filed to protect members’ constitutional right to informational privacy, which OPM violated by failing to properly secure the records, despite numerous warnings about security deficiencies from OPM’s inspector general.
How bad was the problem and what did OPM know and conceal? A House Committee on Oversight and Government Reform report, "accuses OPM of misleading the public and Congress about the breaches to play down the fallout — criticizing the agency for its claims that the two cyber attacks were not connected and not proactively announcing the first breach when it was uncovered in 2014," according to The Washington Post. The article also notes that the problem was imminently preventable, noting that "numerous inspector general reports ... raised the alarm about the agency's digital security before the hacks," according to The Post.
Among other relief requested by NTEU in its lawsuit, NTEU wants the court to order OPM to provide lifetime credit monitoring and identity theft protection for any NTEU member affected by the cyber attacks and to take corrective measures to improve its information technology security. Lifetime credit monitoring is the least the government should do for this instance of gross OPM negligence. We all devote our lives to protecting human health and the environment, so we should be able to expect that the Office of Personnel management is protecting our information, and if they aren't, that they take care of protecting us after the breach.
But OPM doesn't want to protect you. Rather than OPM stepping up and doing what's right and providing long-term credit monitoring, OPM is seeking to dismiss the NTEU lawsuit. Oral argument on the OPM Motion to Dismiss is scheduled oral argument for Oct. 27. More on the NTEU lawsuit here.