Settlement Reached Over Chinese-Perpetrated OPM Hack

Settlement Reached Over Chinese-Perpetrated OPM Hack
The entrance to the Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown in Washington on June 5, 2021. Mark Wilson/Getty Images
Updated:

Parties involved in a class-action lawsuit over the 2015 Office of Personnel Management (OPM) breach announced in court filings on May 6 that they have reached a $63 million settlement in the matter.

Plaintiffs, including the National Treasury Employees Union (NTEU) and American Federation of Government Employees (AFGE), sued OPM in July 2015 after the U.S. government revealed that hackers had taken the personal information of over 21 million current, former, and prospective federal employees and members of their families.

The files were allegedly stolen by Chinese hackers, who installed malware and extracted sensitive information such as birthdates, Social Security numbers, 5.6 million sets of fingerprints, psychological and emotional health information, and personal histories of “gambling compulsions, marital troubles, and past illicit drug and alcohol use,” according to court records.

Security experts have warned that the Chinese Communist Party (CCP) can use the hacked OPM data to blackmail government employees, recruit insiders as spies, and monitor people who speak out against its policies.

Previous reporting by The Epoch Times revealed that the Chinese regime was using stolen information from the OPM hack and other breaches to build a massive database on Americans, using it for political and economic espionage.

Litigation over the breach lasted nearly five years before a federal judge referred the case to private mediation in January 2020. The settlement agreement filed on May 6 says that “the substance of the parties’ negotiations remains privileged.”

On May 5, the parties reached an agreement for OPM to pay $60 million into a settlement fund for victims of the hack. OPM contractor Peraton, whose system was also breached, will pay $3 million into the fund, as per the agreement.

Victims will be eligible to receive between $700 and $10,000, according to the settlement, which still requires the approval of a federal judge.

“The settlement is the result of extensive negotiations and accounts for the unique aspects of this litigation, including the strict limitation on recovering from the Government and the causation problems that Defendants would have argued result from the hack’s attribution to a foreign state actor,” lawyers wrote in the agreement, urging the judge for approval.

“That these data breaches were attributed to the Chinese government, apparently motivated by foreign policy considerations, would have compounded the risks associated with tracing plaintiffs’ harm to [OPM].”

If approved, OPM and plaintiffs’ attorneys will launch an email and public relations campaign to notify the millions of potential claimants, the agreement said.

A hearing has yet to be scheduled for a judge to consider the proposed settlement. Not all plaintiffs have agreed to settle. District Judge Amy Berman Jackson granted permission on May 9 for those plaintiffs to file an amended complaint.