Office of Personnel Management hack $63M settlement approved by federal judge
A federal judge has given final approval for a proposed $63 million settlement to bring to an end a class action lawsuit brought over the Office of Personnel Management data breaches in 2015.
U.S. district judge Amy Berman Jackson in a hearing on Oct. 14 said the agreed-upon figure was fair and gave approval for the settlement to proceed.
Judge Jackson in June gave preliminary approval for the settlement to proceed, and at the time described the terms as “fair, reasonable, and adequate, and in the best interest of named plaintiffs and class members.”
Most class action lawsuits involve a fairness hearing, during which the judge will consider whether the proposed settlement figure is “fair, reasonable and adequate”, and hear any objections.
Following the final fairness hearing, prospective participants will still have until Dec. 23 to join the lawsuit, after which the validity of each claim will be assessed. Assuming there are no appeals, payouts to claimants are expected to take place in the first or second quarter of next year.
Under terms of the settlement, each claimant is entitled to a minimum of $700 per claim, up to a maximum of $10,000 per claim.
Speaking with FedScoop, attorney for the plaintiffs Jordan Elias said: “It was a challenging case with a lot of pitfalls, so we were pleased we were able to negotiate the case outcome without major objections.”
Elias added that the negotiations took over two years and had been complicated by factors including the COVID-19 pandemic.
In 2015, OPM announced it was hit with a series of intrusions understood to be linked to two Chinese government-sponsored groups, which resulted in the compromise of personal information of around 22 million individuals.
A subsequent report by the House Committee on Oversight and Reform found that the earliest known data breach at the agency came in November 2013 but was not detected for years until a private cybersecurity firm was brought in to run forensics.
Before that, malware was found to be lurking on the organization’s data infrastructure dating back to 2012, according to the Department of Homeland Security’s U.S. Computer Emergency Readiness Team.
Following the breach, OPM contracted with credit monitoring company ID Experts to provide monitoring services to victims of the breach. According to federal government spending data, the agency has so far spent $248 million on the contract, which has an award ceiling of $416 million.