Sunday, October 18, 2015 - A data hack that affected more than 20 million federal employees spurred a series of lawsuits that were consolidated into multidistrict litigation on October 9. The Judicial Panel on Multidistrict Litigation (JPML) centralized three lawsuits all naming the Office of Personnel Management (OPM) and KeyPoint Government Solutions, Inc. (Keystone) as the defendants in allegations that claimed the two organizations were liable for data hacks that compromised the personal information for roughly 21.5 federal employees and applicants. The transfer order also mentioned 11 additional cases that are included as tag-along actions that may enter the MDL further down the road.
The plaintiffs claim that OPM and Keystone bear responsibility for data hacks that occurred in July. The OPM reported that among the data compromised as a result of the hack include Social Security numbers, financial histories and mental health records, in addition to further information possibly gathered by the cyber hackers. The breach was similar to one that took place in June, however this particular incident is reportedly the largest of its kind in U.S. history. The hack that took place in une affected 4 million federal employees. China was named as a potential suspect in the preliminary investigation into the incident.
Officials speaking on behalf of the government claims that the personal information, while a valued loss to those who had their information taken, is not as important as the potential counter intelligence information that may have been compromised. The Department of Justice asked for the three lawsuits against Keystone and the OPM to be consolidated, even though the Congressional Research Service claimed that criminal charges would not be likely against the defendants.
The three lawsuits that were filed come from current and former federal employees, as well as a union representing federal employees. A union representing federal National Treasury employees filed one of the lawsuits, a former federal employee from Wichita, Kansas filed another and the third came from two members of the American Federation of Government Employees. The plaintiffs claim that the OPM and Keystone had an obligation to provide stiffer data security that would have prevented such an attack from affecting so many federal employees.
The JPML centralized the actions after finding that all of the lawsuits shared factual similarities close enough to benefit from the lawsuits being transferred to a district court before a single federal judge. The JPML selected the District of the District of Columbia federal court as the location to which the lawsuits will be transferred as all the federal defendants in the case are located in Washington D.C., as well as the location of a Keypoint office closeby.
A number of parties lobbied for Colorado as a central location for the MDL, however the JPML determined that the Washington D.C. location was the most convenient for the parties involved. Keystone, whose headquarters on in Colorado, agreed to accommodate travel for its employees that would have to travel to the District of District of Columbia federal court. The lawsuits will be heard before U.S. District Judge Amy Berman Jackson.