Second federal workers union sues OPM over breach

Second federal workers union sues OPM over breach
© Getty Images

A second major federal workers union is suing the Office of Personnel Management over the catastrophic breaches that have rattled the administration and laid bare millions of people’s personal data.

The National Treasury Employees Union (NTEU), which represent 150,000 employees across 31 federal agencies and departments, is accusing the agency of failing to protect scores of federal workers’ data.

ADVERTISEMENT

“We believe that a lawsuit is the best way to force OPM to take immediate steps to safeguard personnel data, prevent such attacks in the future and help our members protect themselves against the fallout,” said NTEU National President Colleen Kelley.

The NTEU joins the largest federal workers union, the American Federation of Government Employees (AFGE), which sued the OPM two weeks ago.

The NTEU alleges in its lawsuit that the OPM failure to properly heed warnings about major security failures in its networks was unconstitutional.

“It is outrageous that OPM was told years ago that its cybersecurity protections were woefully inadequate but did little about it,” Kelley said. “Federal employees entrust highly personal information to OPM with the expectation that it will be kept confidential and safe from unauthorized access.”

The union wants the court to force the OPM to provide a lifetime of credit-monitoring services for breach victims and to require it to upgrade the security of its networks.

The OPM maintains a short-term review of its system and long-term plan to upgrade its networks will improve its security.

NTEU will face an uphill battle with its suit.

The law allows only narrow exemptions for people to sue the federal government for negligence.

In many cases, the government enjoys “sovereign immunity,” essentially meaning that one cannot sue the government unless it says so.

The OPM has also tried to distance itself from culpability in its notification letter to victims of the breach.

“Nothing in this letter should be construed as OPM or the U.S. Government accepting liability for any of the matters covered by this letter or for any other purpose,” it read.