Saturday, August 1, 2015 - A trio of lawsuits centered around the hacking of government computer systems under the control of the Office of Personnel Management have requested for their claims to be consolidated into multidistrict litigation in Washington D.C. The claims allege that more than 20 million people including and connected to government employees with personal information handled by the Office of Personnel Management (OPM) were the victims of a database hack that potentially compromised the information held by the government organization.
Despite a report for the Congressional Research Service that claimed criminal charges would be unlikely to follow the data breach, the Department of Justice requested three lawsuits connected to the incident be consolidated into an MDL before the Judicial Panel on Multidistrict Litigation. The OPM data breach stands as the largest cyber attack against the U.S. government.
Information that has reportedly been compromised for the roughly 21.5 million people affected by the breach includes social security numbers, financial information, fingerprints and additional sensitive data held by the OPM. The data breach is similar to one that occurred in June, although the two episodes are believed to be separate events. The data breach was reported to have reached to each person who has been subject to a governmental background check at any point since 2000.
The three lawsuits the DOJ is pursuing consist of one filed by two members of the American Federation of Government Employees, one brought by the union representing employees of the National Treasury and the last coming from Wichita, Kansas where a former federal employee is enlisting the help of a number of law firms in their suit. The DOJ is hoping that the consolidation of the suits will assist in their ability to combine efforts to investigate and litigate the lawsuits efficiently before a single federal judge.
Government officials looking into the data breach have indicated that China is suspected to be involved in the hacking efforts. If the hack was in fact an attack from the Chinese government, criminal charges would not be likely as officials would anticipate the use of counterintelligence to deal with such a situation. The current breach as well as the one in June that affected more than 4 million people are both being treated as attacks initiated by China. The U.S. has only charged another country with cyber espionage one time; the country charged members of China‘s People‘s Liberation Army in 2014 for a data breach aimed at U.S. businesses.
Criminal charges could be necessary however if the files were stolen with the hopes of exploiting them for commercial purposes. These would include identity theft or the use of financial information to defraud the victims for money or unauthorized purchases. The OPM is taking measures to shore up their ability to defend the information it holds in the events of another data breach attack. Those affected by the most recent breach have also been offered a number of services to assist in monitoring their financial and personal information to deter manipulation by those who stole the data.