Attorneys additionally filed the complaint in the name of anyone who received an email requesting a response to [email protected] from Jan. 23 to 27 and of all executive branch employees who did not receive an email about a system test.
It is unknown how many employees fit the complaint’s description out of the federal government’s civilian workforce of about 2.1 million.
Soon after, some executive branch employees received messages from senior officials advising them to consider any emails from the OPM email address to be valid, according to the complaint.
The lawsuit alleges that Acting Secretary of Homeland Security Chad Wolf sent a message Jan. 23 to all employees under his direction that the address “can be considered trusted.”
Beginning Jan. 24, some individuals allegedly received emails requesting they reply “Yes” to the message as part of a systems test.
Two days later, another message was allegedly received advising employees that the goal of the test was to confirm that emails can be sent to, and replies obtained from, every government employee.
Personal information collected was subsequently sent to Amanda Scales—newly appointed chief of staff of the OPM and former employee of Elon Musk’s artificial intelligence startup xAI—according to the allegation.
The lawsuit quotes a Reddit post, since deleted, from a supposed OPM employee who claims that an email server was installed into the agency’s network to make messages appear that they originated from the office.
Plaintiffs allege that the agency did not conduct a privacy impact assessment, as required by law for all servers or systems that involve personally identifiable information.
Harm was caused because the employees were not informed about how the email system was being utilized, according to the lawsuit.
Those seeking damages referenced other instances where the OPM ran afoul of privacy laws—including when data was breached by a foreign adversary in 2014 and 2015—and ultimately settled class action lawsuits for $63 million.
The U.S. House of Representatives Committee on Government Oversight and Reform published a report in 2016 outlining the potential damage caused by the data breaches.
“This is crown jewels material ... a goldmine for a foreign intelligence service,” Joel Brenner, former National Security Agency senior counsel, said in a statement.
Government officials alleged the conspiracy originated with hackers connected to the Chinese Communist Party.
“[OPM data] remains a treasure trove of information that is available to the Chinese until the people represented by the data age off,” Michael Hayden, former director of the Central Intelligence Agency, said in a statement. “There is no fixing it.”
The most recent lawsuit seeks to block the agency from storing sensitive employee data until a privacy impact assessment is completed and all applicable regulations are complied with.
Officials with the OPM did not respond to requests for comment before publication.
