U.S. Treasury employees sued seeking lifetime identify theft protection following one of the largest and most serious cyber-attacks in the government’s history.
The complaint by the U.S. Treasury Employees Union against the Office of Personnel Management and director Katherine Archuleta comes two weeks after she told Congress that Social Security numbers for as many as 18 million people were taken in a hacker breach last year. Some lawmakers have called for her resignation.
The union, calling the attack a violation of the constitutional right to privacy, accuses Archuleta of failing to take adequate steps to protect workers’ data. Federal officials familiar with the breach have said that hackers connected to the Chinese government are believed to be responsible for gaining access to personal information about people who apply for security clearances.
The union, in the complaint filed Wednesday in San Francisco federal court, seeks an order for the government to provide lifetime credit monitoring and to stop collecting digital personnel records until it takes appropriate steps are taken to make sure they are secure.
Samuel Schumach, a spokesman for the Office of Personnel Management, declined to comment on the lawsuit.
The agency said in a report released in June that it’s taken steps, including installing more firewalls and mandating cybersecurity training, to shore up its networks since Archuleta became director, Going forward, the agency will hire a new cybersecurity adviser and consider encrypting more data to guard against hackers, according to the report.
The case is National Treasury Employees Union v. Archuleta, 3:15-cv-03144, U.S. District Court, Northern District of California (San Francisco).