SEIU 1000 security breach exposes union hypocrisy on government transparency

Samuel Coleman
April 25, 2024

The work we do at the Freedom Foundation is often complex. Behind every mailer, e-mail and social media advertisement, hours of work go into preparing and acquiring the information needed to identify and contact public employees to inform them of their constitutional rights.

That process often hinges on acquiring lists of public employees via government public records laws so we know who we need to be contacting in the first place.

This isn’t always a seamless process.

Activist employees in the public records departments, over-zealous attorneys and union loyalists can sometimes make the process more complicated than it needs to be — deliberately or otherwise.

And when it’s the former, we’re often forced to litigate.

One argument we’ve heard again and again in legislative debates and court hearings is that the limited public records data we’re asking for is “too sensitive” and, in the hands of the likes of the Freedom Foundation, might be leaked, hacked, or otherwise made available to the public.

While the information we’re asking for is relatively benign and publicly available, the argument is made regardless.

Mind you, these concerns don’t stop the unions from requesting and receiving lists, on a regular basis, of far more deeply personal information about public employees than is disclosable under open government laws.

Unlike the information that we get, the unions can receive things like employees’ home addresses, cell phone numbers, and Social Security numbers.

Imagine our shock when news broke recently that SEIU 1000, one of the largest unions in California, had been the target of a ransomware attack that led to more than 308 gigabytes of union data being captured by the hackers.

This included membership information, such as Social Security numbers, home addresses, phone numbers and birthdates.

Where did SEIU 1000 get this information to have it leaked in the first place? Much of the data was included on lists given to it by the state of California, per the union’s bargaining agreement, on a regular basis.

No doubt the irony — make that hypocrisy — of the error was lost on union leaders.

While this is a genuine tragedy for the honest working people represented by the union, it should be a teaching moment for the gatekeepers of public information. Why do unions get whatever they want without having to guarantee it will be kept secure? Why are unions not required to show how they will safeguard employee’s personal information before receiving it?

For that matter, why does state law give greater weight to the motives of union leaders with a long track record of enriching themselves and the political agenda they’re pushing than to the Freedom Foundation, whose sole objective is to share with the workers a message about First Amendment rights that their own union is actively suppressing?

While the state of California and SEIU 1000 probably won’t learn their lesson from this boondoggle, the questions need to be asked.

Who’s the real threat to the security and privacy of public employees?

- California
, ransomware attack, SEIU 1000

Samuel Coleman

Assistant National Outreach Director

Before working for the Freedom Foundation, Samuel spent some time working for the Washington State Legislature. He worked for offices on both sides of the aisle but was known for his calm demeanor and interest in individual liberty. Samuel graduated from Central Washington University with a double major in Political Science and Public Policy. In his free time he enjoys exploring the natural beauty of the Pacific Northwest, working on computers, and exploring local breweries.