Another lawsuit for OPM, Ashley Madison's government customers and more
News and notes from around the federal IT community.
Former fed files OPM lawsuit
The Office of Personnel Management is facing another lawsuit over the massive breaches of personal information that affected 21.5 million individuals.
A class action lawsuit filed August 14 targets OPM and KeyPoint Government Solutions -- the contractor at the center of the breaches -- for allegedly demonstrating patterns of neglect that allowed the breaches to occur.
"The combination of KeyPoint's cyber security weaknesses and the OPM's cyber security failures caused the massive scope of the OPM Breach," the suit claimed. "Defendants' conduct violated the Privacy Act of 1974, the Administrative Procedure Act, and constitutes negligence."
The plaintiff, Edward Krippendorf, worked for the Defense Department between 1997 and 2012, both as a contractor and a federal employee. Krippendorf said he has already received notification that his information was compromised in the first breach, and he further notes that he held a federal security clearance, meaning more of his information was likely exposed in the second breach.
The class named in the suit includes "current, former, and prospective employees and contractors of the U.S. government, as well as family members or other contacts of federal applicants, including spouses and co-habitants, who never applied for a position with the U.S, government, but that nonetheless had their personally identifying information and records compromised."
The suit requested compensatory damages, as well as "adequate" credit monitoring and the reissue of sensitive documents including new Social Security numbers and passports.
Krippendorf's suit follows two other suits over the breach.
In June, the American Federation of Government Employees filed a lawsuit against OPM, then-Director Katherine Archuleta and CIO Donna Seymour. In July, the National Treasury Employees Union filed a suit against Archuleta alone.
Thousands of Ashley Madison accounts used government e-mail addresses
The hackers who in July said they broke into the online hookup site Ashley Madison and stole personal information on millions of users have posted that data to the dark web. The data dump includes thousands of account records from .gov and .mil addresses, according to reports.
The group that took credit for the hack published 35GB of data on Aug. 18. The millions of files released include a variety of account details, personally identifiable information and financial data. According to a report in CSO, among the accounts are 15,019 that used using either a .mil or .gov email address. Additionally, other records in the dump showed that users created their Ashley Madison profile using a work-related email address. A breakout of the hacked .mil and .gov information, provided to CSO by an online source, was posted to Pastebin.
Numerous news reports following the disclosure of the hack in July pointed out that the Ashley Madison site did not verify email addresses, so users could use bogus addresses to sign up.
NIH invests in big-data tool building
The National Institutes of Health has awarded several grants for development of software tools to handle data compression, data visualization, data provenance and data wrangling, GCN reports. NIH is dividing a total of $6.5 million among 15 winning recipient programs in this fiscal year.
Feds can now respond to Yelp reviews
Federal agencies should brace themselves for some serious citizen feedback.
An Aug. 18 blog post from Yelp, the popular customer-satisfaction rating and recommendation platform that is best known for restaurant reviews, touted the recently negotiated terms of service agreement that allows federal agencies to "claim their Yelp pages, read and respond to reviews, and incorporate that feedback into service improvements."
Yelp said federal agencies can now listen and respond to customer comments on existing Yelp review pages on everything from individual Transportation Security Administration airport checkpoints to national parks, harnessing customer feedback data to drive improvements in citizen services.
The agreement expands on one Yelp established in January with the General Services Administration for the Department of Transportation's National Highway Traffic Safety Administration, which uses Yelp's API for the SaferRide mobile app.
NEXT STORY: 6 hidden costs of continuing resolutions