Treasury Employees to challenge judge’s ruling freeing govt. of responsibility for big cyberattack

WASHINGTON—The Treasury Employees (NTEU) will challenge a federal judge’s ruling freeing the government – their employer – of responsibility for a big data breach/cyberattack of its computers that disclosed personal information of 22 million present and former federal workers and their families.

“We immediately appealed the district court’s decision to the U.S. Court of Appeals for the D.C. Circuit,” said NTEU National President Tony Reardon on Sept. 19. “We will make our case there that NTEU members were harmed by the breaches and that the Office of Personnel Management’s indifference to securing its databases in the years leading up to the breaches violated NTEU members’ constitutional right to informational privacy.”

NTEU was one of two unions which sued the feds after the data breach two years ago. The lead union in the case, the Government Employees (AFGE), is still considering an appeal of Judge Amy Berman Jackson’s ruling, union President J. David Cox said.

Cox and Reardon both said the 74-page ruling was a “too narrow” interpretation of privacy law in the cases of cyberattacks and hacks.

The workers must show the data breach actually harmed them, the judge added – just as they would in a case involving a private firm that got hacked. They didn’t, Jackson said.

Jackson accepted the unions’ argument, backed by expert testimony, that the Chinese hacked OPM’s computers. But she said the unions didn’t prove a motive.

“We have here a situation where a long sequence of uncertain contingencies has to occur” before the workers and their families “suffer any harm,” the judge wrote. “What is more, the nature of that harm is entirely undefined.”

The judge agreed with the unions that “building blocks of identity theft” were stolen from OPM’s personnel files, stored on the agency’s computers. But the unions did not show “a particular objective” for the data theft “beyond the claim that it was carried out for an unspecified improper use.”

Jackson’s “unfortunate decision to dismiss AFGE’s case reflects an unduly narrow view of the rights of data breach victims,” said union President J. David Cox, the lead union.

“OPM failed to keep our most private and sensitive information from getting into the hands of Chinese hackers. We are deeply disappointed,” he added. Cox said the hacking would forever disrupt the lives of the workers and their families.

Reardon was more caustic.

OPM violated workers’ ”constitutional right to informational privacy” because it “recklessly disregarded nearly a decade of warnings from its own Inspector General about serious security vulnerabilities in its information systems. Those vulnerabilities paved the way for the theft of tens of thousands of NTEU members’ personal information from OPM’s databases,” Reardon said. That’s enough to give workers the right to sue, he stated.

Source: PAI