EPIC v. OPM (Information Security Violations) – EPIC – Electronic Privacy Information Center

web

epic.org·epic.org/documents/epic-v-opm-information-security-violat...

This FOIA lawsuit concerns DOGE's unauthorized access to federal employee data systems at OPM, raising governance and oversight concerns relevant to AI safety insofar as DOGE uses AI tools and the case involves accountability for automated/AI-assisted government data access.

Metadata

Importance: 28/100otherprimary source

Summary

EPIC filed a FOIA lawsuit against the Office of Personnel Management in February 2025 to compel disclosure of records related to DOGE's alleged unlawful access to OPM data systems containing personal information of millions of federal workers. The case centers on OPM's failure to comply with federal information security laws (FISMA) when installing a government-wide email system and its non-response to EPIC's expedited FOIA requests. OPM reportedly fired its FOIA staff and failed to meet statutory response deadlines.

Key Points

•DOGE operatives allegedly accessed OPM systems containing personal data of millions of federal workers without proper security clearances or FISMA compliance.
•OPM installed a Government-Wide Email System (GWES) without required security assessments or authorization to operate, violating FISMA.
•OPM's former CIO was reportedly replaced for refusing to install the GWES, and FOIA staff were fired in February 2025.
•EPIC filed suit on February 28, 2025 after OPM failed to respond to FOIA requests within statutory deadlines.
•The case highlights risks of unaccountable access to sensitive government databases by politically-connected actors.

1 FactBase fact citing this source

Entity	Property	Value	As Of
Electronic Privacy Information Center (EPIC)	litigation	Filed FOIA lawsuit against OPM over DOGE access to federal personnel data containing personal information of millions of current and former federal workers (2025)	2025

Cached Content Preview

HTTP 200Fetched Apr 7, 20265 KB

EPIC v. OPM (Information Security Violations) &#8211; EPIC &#8211; Electronic Privacy Information Center 
 
 
 
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 Join EPIC’s fight to STOP THE SURVEILLANCE STATE. Defend Privacy. Protect Democracy. Support EPIC. epic.org/stop-the-surveillance-state 

 
 

 
 Dismiss message. 
 
 
 
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 FOIA Cases

 EPIC v. OPM (Information Security Violations)

 
 Case No. 25-597 (2025)

 
 US District Court for the District of Columbia

 
 
 
 
 DOWNLOAD EPIC v. OPM - FOIA Complaint pdf 2.8MB
 
 
 
 
 
 
 
 
 
 Contents

 
 Contents
 
 
 
 Background 

 EPIC's FOIA Requests 

 EPIC's Interest 

 FOIA Documents 

 Legal Documents 

 
 
 
 
 
 Background

 The Office of Personnel Management (&#8220;OPM&#8221;) is the federal government&#8217;s human resources agency and personnel policy manager responsible for evaluating, adopting, and administering workforce policies, programs, and benefits. Although OPM usually remains in the background, the Trump Administration, Elon Musk, and the so-called &#8220;Department of Government Efficiency&#8221; (&#8220;DOGE&#8221;) have pushed the agency into the public eye with their unlawful access of OPM data systems that contain the personal information of millions of potential, current, and former federal workers. 

 On January 23, 2025, OPM began operating the Government-Wide Email System (&#8220;GWES&#8221;). This server has been used by the associates of Elon Musk and DOGE to simultaneously contact all federal employees. Because GWES is an information system, OPM had to comply with the information security practices detailed in the Federal Information Security Management Act (&#8220;FISMA&#8221;) before installing and operating GWES. This includes publishing security assessment reports and obtaining an authorization to operate the system. 

 On January 27, 2025, an anonymous federal worker alleged that OPM&#8217;s leadership was sending broad requests to other federal agencies in an attempt to collect information on federal workers. According to this employee, OPM directed agencies to send this information to a brand new OPM employee (formerly employed by Elon Musk) who was not properly cleared by OPM personnel security. The anonymous employee also alleged that OPM&#8217;s former Chief Information Officer, Melvin Brown, was replaced for refusing to install the GWES. 

 EPIC&#8217;s FOIA Requests

 Responding to recent events, EPIC submitted two Freedom of Information Act (&#8220;FOIA&#8221;) requests to OPM seeking records that will shed light on OPM&#8217;s practices regarding information security and federal worker privacy. 

 EPIC&#8217;s first FOIA request sought email records of two OPM employees: Acting Director Charles Ezell and former Chief Information Officer Melvin Brown. EPIC&#8217;s second FOIA request sought records of access requests to OPM databases and IT systems as well as the security assessment report that OPM should have created before

... (truncated, 5 KB total)