A federal appeals court has found that plaintiffs representing 22 million federal workers whose personal data was compromised by a breach by the Office of Personnel Management have standing to sue over the issue.
And that revives a claim against the government that had been dismissed several years ago.
The Court of Appeals for the District of Columbia said on appeal it found that the plaintiffs did, in fact, “have adequately alleged Article III standing.”
They also have properly stated a claim under the Privacy Act “which waives OPM’s sovereign immunity.”
It returned the fight to the lower courts for “proceedings consistent with this opinion.”
The Electronic Privacy Information Center, which had added its arguments to the case earlier, explained, “The case concerns the data breach at the U.S. Office of Personnel and Management in 2015 that affected 22 million federal employees, their friends, and their family members.”
The case earlier had been dismissed but the appeals judges ruled “victims of the breach have the legal right, or ‘standing,’ to sue over the failure to protect their personal data.”
“It hardly takes a criminal mastermind to imagine how such information could be used to commit identity theft,” the court conclude.
The case had been dismissed back in 2017, and WND reported then the trial judge told millions of Americans the government can let hackers gain access to their personal details without consequences.
The newest decision affected several cases that were brought over the 2015 hack of personal information of some 22 million federal employees and family members from the Office of Personnel Management.
It was Judge Amy Berman Jackson who had dismissed the consolidated case.
She found that the “cyberattack against the United States” compromised the records and personal data of 22 million people, but said they have no recourse.
EPIC had explained that it long has argued data-breach victims should not wait until they suffer identity theft to sue the parties that failed to protect their data. The organization said it has suggested changes to the federal Privacy Act to address the current issues.
EPIC said the theft was “one of the worst data breaches in U.S. history.”
At a congressional hearing at the time, the director of the OPM, essentially the human resources department for the entire federal government, refused to reveal the numbers of people affected.
The federal agency had reported initially that some 4.2 million federal workers had their personal information compromised, possibly stolen by the Chinese government.
Reuters reported agency chief Katherine Archuleta described two breaches on her watch at OPM. One stole the details of about 4.2 million current and former workers. Details of the second breach that penetrated the background check system, which contains extremely sensitive data, weren’t immediately disclosed.
Just a day earlier, Republican Senate Majority Leader Mitch McConnell described her responses as “world-class buck-passing.”
WND reported the concern that China could have Social Security numbers, personal financial data and other sensitive information.
Several national security experts told WND back then that China could use the data for its own purposes or sell it to the highest bidder purely for profit, including an enemy of the United States.
Lt. Gen. (Ret.) William “Jerry” Boykin, now executive vice president of the Family Research Council, said at the time the prospect of military or civilian leaders having their personal information sold to terrorists must be taken seriously.
“First of all, you have to ask yourself what could an individual citizen in America do with your personally identifiable information?” Boykin told WND. “Stolen identities are big business and very problematic, and the Chinese could use that for the same thing a criminal would. Don’t kid yourself.”
He said China could steal the IDs from the OPM database and then sell them to Iran, ISIS or an other foreign enemy.