WASHINGTON -- The largest federal employees union has filed a lawsuit against the federal personnel office and its leaders over a hack that exposed employees' personal data. The suit by the American Federation of Government Employees was filed in U.S. District Court for the District of Columbia. It alleges that negligence by federal officials contributed to the cybertheft of private information on up to 18 million current and former employees or contractors. The suit, which seeks class-action status, names the Office of Personnel Management, its director, Katherine Archuleta, and its chief information officer, Donna Seymour.
The lawsuit alleges that although OPM had been warned for years that its data security was suspect, it failed to take appropriate steps to safeguard employee information. The suit, which seeks unspecified damages, says the credit monitoring services OPM has provided to affected employees have been inadequate.
"AFGE will not sit idly by while OPM fails to comply with the most basic requests for information or provide an adequate response," union leaders said in a statement. "Even after this historic security breach, OPM has continued to use poor data security practices and inferior private-sector strategies to solve its security woes."
OPM did not have an immediate comment.
OPM, which screens and hires federal workers, revealed earlier this month that it was the target of two cyberattacks that compromised data on millions of current and former federal employees and applicants for security clearances.
The AFGE lawsuit cited a cybersecurity expert as saying log-in credentials stolen in the breach are being offered for sale on the internet.