GSP, P.C. is investigating a possible claim on behalf of all persons, including federal employees, whose private information was compromised as a result of the data breaches announced by the Office of Personnel Management (“OPM”) on June 4, 2015 and July 9, 2015.
On June 4, 2015, the OPM announced that it would notify approximately 4 million current and former federal applicants and employees in the executive branch of the government that the OPM’s database had been hacked and employee’s private information was stolen.
On July 9, 2015, the OPM announced a second, “related cybersecurity incident” that affected 22.1 million individuals that included the theft of employees’ social security numbers, including 19.7 million people who applied for a background investigation, and 1.8 million non-applicants, mostly spouses or co-habitants of the applicants. Anyone who underwent a background investigation since 2000 is likely to have had their private information stolen.
The OPM now concedes that the stolen information includes social security numbers, residency and educational history, employment history, information about immediate family and other personal and business acquaintances, health, and criminal and financial history. Usernames and passwords used to fill out the investigation forms were also stolen.
Since at least 2007, the OPM has been on notice of significant deficiencies in its cyber security protocol, and has failed to take the appropriate steps to prevent the OPM data breach.
In its November, 2014 audit report, the OIG identified several cyber security deficiencies that “could potentially have national security implications,” including a decentralized governance structure, a lack of acceptable risk management policies and procedures, failure to maintain a mature vulnerability scanning program to find and track the status of security weaknesses in software systems, a high rate of false security alerts, remote access sessions which did not terminate or lock out after a period of inactivity, and other failures.
Donna Seymour, Chief Information Officer of the OPM, conceded to Politico that the penetrated databases did not use industry best practices such as encryption.
One day after revealing the second, larger OPM data breach, the OPM Director resigned.
If you have been notified by the OPM that your information was stolen or if you believe that you are a victim of the OPM data breach, please contact a GSP attorney to learn more about your rights. GSP attorneys are actively litigating data breach actions against Community Health Systems, Anthem, Premera, Intuit and Target. Please contact Mark Goldman at [email protected] or Paul Scarlato at [email protected] or call (484) 342-0700 with any questions you may have.