By Zach Warren, From Legaltech News

The American Federation of Government Employees claimed that OPM has been on notice about its cybersecurity deficiencies since 2007, yet took no corrective action

The Office of Personnel Management (OPM) may have shut down its Electronic Questionnaires for Investigations Processing (E-QIP) system as a precaution to protect against cyber breaches, but that won’t protect the government agency from lawsuits as a result of a previous attack that exposed up to 18 million workers’ data.

On June 29, the largest federal employees union, the American Federation of Government Employees (AFGE), filed a proposed class action lawsuit against OPM, claiming that the agency’s negligence contributed to the theft of employees’ private information. The lawsuit was filed in U.S. District Court for the District of Columbia, and it names OPM director Katherine Archuleta and chief information officer Donna Seymour as defendants.

In the lawsuit, AFGE claims that OPM has been on notice about its cybersecurity deficiencies since 2007, yet took no corrective action to sure up its defenses. Instead, it said, an Office of Inspector General report from 2014 revealed that OPM’s cyber defenses actually become worse over that time.

In particular, AFGE said that OPM, its director and its CIO violated the Privacy Act, which commands federal agencies to “establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.”

“AFGE will not sit idly by while OPM fails to comply with the most basic requests for information or provide an adequate response,” said the union’s leaders in a statement. “Even after this historic security breach, OPM has continued to use poor data security practices and inferior private-sector strategies to solve its security woes.”

The lawsuit seeks unspecified damages, and it also claims that the credit monitoring services that OPM offered affected employees is inadequate.

Multiple media reports say that OPM has not commented on the AFGE lawsuit. OPM revealed the data breach in early June, revealing that hackers had infiltrated the agency’s systems. The hackers gained unauthorized access to a database containing Standard Form 86, which is submitted by those applying for security clearance and contains, as the lawsuit notes, “[security] applicants’ financial histories and investment records, children’s and relatives’ names, foreign trips taken and contacts with foreign nationals, past residences, and names of neighbors and close friends such as college roommates and coworkers.”

For more on this story go to: http://www.legaltechnews.com/id=1202730954294/Largest-Federal-Employees-Union-Sues-OPM-Over-Data-Breach#ixzz3eeP2XHKw