The US Government's Office of Personnel Management (OPM) is facing a lawsuit over the hasty implementation of a new federal email system. Two anonymous employees have filed a complaint in a Washington DC district court, alleging that the rapid rollout, spearheaded by the Trump administration, violated the E-Government Act of 2002. The complaint claims that the OPM established a single email address, HR@opm.gov, intended for direct communication with all civilian federal employees, bypassing the usual procedures where OPM works with agencies and departments. This centralized system has raised concerns, with some speculating its primary use might be to facilitate mass firings.
At the center of the controversy is a lone, on-premises server allegedly set up quickly on the OPM network to handle the central email inbox. Crucially, a privacy impact assessment, mandated by law, was not completed or published before deployment. This assessment is meant to ensure that any staff data on the machine is protected. The lawsuit claims this oversight was intentional and willful, drawing parallels to a significant 2014 cyberattack where 20 million records were stolen from the same OPM. The agency's handling of this new system, especially given its history, has raised eyebrows and fueled fears of another potential cyber disaster.