Federal employees have filed a lawsuit against the Trump administration’s Office of Personnel Management, after the agency created and began testing an email system meant to deliver mass communications directly to federal employees’ inboxes.

The lawsuit from two anonymous federal employees in the executive branch alleges OPM violated the 2002 E-Government Act by not releasing details of how the communication system will manage federal employees’ personal information stored in the system.

Kel McClanahan, executive director of the National Security Counselors law firm, filed the pro bono lawsuit on behalf of the plaintiffs, alleging that the email system poses security risks for federal employees’ personal information.

“A one-stop shop for information about every government employee in the federal executive branch is just a treasure trove for hackers, or even just curiosity seekers,” McClanahan said in an interview.

The 2002 E-Government Act requires agencies to complete a “privacy impact assessment” for any new online federal system by analyzing how personally identifiable information will be collected, stored, protected, shared and managed within that system. Agencies are required to make the assessment public unless it would raise concerns with national security or reveal classified information.

“People have a right to know where their information is being stored by the government and how well it’s being protected,” McClanahan said.

OPM first announced the testing of its new mass communications system last week. In the following days, some federal employees said they received test emails from OPM asking them to reply “yes” to confirm whether they received the message.

“OPM is testing a new capability allowing it to send important communications to ALL civilian federal employees from a single email address,” the agency wrote in a Jan. 23 announcement. “Testing of this messaging system functionality is expected as soon as this week.”

The purpose of OPM’s mass communications system is unclear, but federal employees in the lawsuit pointed to the possibility of OPM using the communication method to send updates about reductions in force (RIFs). OPM declined to comment on both the lawsuit and the intentions of the new mass communication system.

Regardless of the purpose for the messaging system, McClanahan said the data security of federal employees’ personal information is the central point of the Jan. 27 complaint.

“We have no idea what this system is. We have no idea what the nature of the system is. All we know is that by OPM’s own language, it is a new distribution and response system,” McClanahan said. “If they’re going to set up a new system to do something that’s going to collect all this information, they have to ensure that it’s secure, and they have to ensure that people know that it’s secure — but they haven’t done any of that.”

Several federal agencies have also reportedly sent messages to their employees about OPM’s communications system, according to the lawsuit. For example, the lawsuit states that on Jan. 23, the acting secretary of the Department of Homeland Security emailed employees to make them aware of the OPM email tests, and that the emails “can be considered trusted.”

The lawsuit, however, alleges that the communications are not being sent securely due to how quickly OPM began sending out the messages.

“Secure communications take time and coordination to plan and implement,” the lawsuit states. “Standard email is not encrypted, and it is common practice among hackers — including hackers affiliated with hostile foreign services — to begin attempting to access a new U.S. government device as soon as they learn of its deployment.”

The plaintiffs also pointed to the 2015 OPM data breach, which put personal data of roughly 22 million current and former federal employees at risk.

The lawsuit additionally references a recent Reddit post from an account claiming to be a long-time career federal employee at OPM. The employee stated that former OPM CIO Melvin Brown “was pushed aside just one week into his tenure because he refused to setup email lists to send out direct communications to all career civil servants.”

The Reddit poster additionally stated that agencies are being directed to send lists of federal employees to OPM Chief of Staff Amanda Scales, a former employee at xAI, which is owned by billionaire Elon Musk. Musk is also a leader of the Department of Government Efficiency, which is facing its own series of legal action.

In the Jan. 27 complaint against OPM, the plaintiffs are seeking to file the lawsuit as a class action lawsuit. They are calling for OPM to promptly conduct a privacy impact assessment for the new communications system.

Copyright © 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.