Edward W. Krippendorf v. United States of America, Office of Personnel Management

Updated: August 17, 2015

Status: Ongoing Case

On August 14, 2015, Labaton Sucharow filed a class action against the United States Office of Personnel Management (OPM) and KeyPoint Government Solutions, concerning multiple cyber breaches which compromised the security of more than 20 million people. Described by Congressional representatives as “the most devastating cyber attack in our nation’s history,” the breach resulted in the disclosure of personal information from current, former, and prospective employees and contractors of the U.S. government, as well as some family members of federal applicants.

The OPM, together with KeyPoint, conducts over 90 percent of the U.S. Federal Government’s background investigations—more than two million investigations every year. Since at least 2007, the OPM, which according to its website, “work[s] to make the Federal Government America’s model employer for the 21st century,” has been on notice of significant flaws in its cyber security protocol but failed to take the steps to remedy those deficiencies. Annual audits by the Office of the Inspector General found glaring and systemic cyber security deficiencies that the OPM consistently failed to address, which led directly to the unprecedented theft of highly sensitive information.

The plaintiffs allege the defendants’ actions constituted negligence and also violated the Privacy Act of 1974 and the Administrative Procedure Act, leaving millions susceptible to identity theft.

The case is Edward W. Krippendorf v. United States of America, Office of Personnel Management.