The Hill reports:
A District of Columbia court has dismissed two lawsuits over the Office of Personnel Management (OPM) data breach disclosed in 2015.
The American Federation of Government Employees, the largest federal workers union, filed the class action lawsuit against the OPM in June 2015, alleging that the breaches stemmed from gross negligence on the part of federal officials.
The lawsuit was one of two consolidated complaints related to the OPM breach that the U.S. District Court for D.C. dismissed on Tuesday, ruling that both sets of plaintiffs lacked the standing to bring their cases.
Read more on The Hill.
Okay, since these lawsuits weren’t under the same laws we generally see in consumer lawsuits over breaches, we’ll have to dig into this one a bit more to see why the court did not find that the plaintiffs had standing. In the meantime, I’ll keep an eye out to see if any law firms provide an analysis of the opinion on their sites that I can link to here.
Keep in mind that I consider the OPM breach one of the worst breaches ever because of the amount of personal and sensitive information involved. If these plaintiffs have trouble demonstrating why they have standing, well….. maybe it’s time to revisit what it should take to demonstrate standing when your background checks, biometric data, and other personal and sensitive information wind up in the hands of unknown threat actors due to an entity’s failure to adequately safeguard your information.
Likely forcing victims “to prove” that they were negatively effected and positively correlate that damage to the breach itself. – An impossible task and likely setting precedence for many of cases to come, which further emphasizes that negligence is OK.
Agree that OPM is one of the worst breaches ever. Equifax may outpace it as to sheer number of individuals, but the types and sensitivity of OPM data is staggering as to potential impact. And agree with Dregus’ comments as well.