You can’t put toothpaste back in the tube. Data breaches are costly to victims because they have no way of taking back their information and must do many things to change card and account information and monitor their credit reports, tax filings, and medical bills for years afterwards. This class action alleges that ABB, Inc. and Baldor Electric Company, known as ABB Motors and Mechanical, Inc., did not take adequate measures to protect employee data.
The class for this action is all US residents whose information became accessible to an unauthorized third party in the data breach announced by ABB on September 7, 2017.
The system that was breached contained the personally identifying information (PII) for almost 18,000 employees and their family members who participate in the company’s health benefits plan. The hackers gained access via a phishing scam with a false e-mail. They were then able to access names, addresses, birth dates, social security numbers, and direct deposit information, among other things.
The hacking took place around August 25, 2017, although the people whose PII was exposed were not fully informed until September 7, 2017.
The complaint spends a number of pages detailing the difficulties of changing the types of information lost during this kind of data breach. It is more difficult to detect, say, a false claim for unemployment benefits or a false tax filing than to detect a false application for a new credit card; and social security numbers can only be changed after there is proof that they have been misused.
The complaint concludes that the kind of information taken in this breach is more difficult to cope with than, say, the theft of credit card numbers. Unfortunately, it is also more valuable on the black market.
In this case, too, family members’ information was stolen. Although the company offered credit monitoring for plaintiff Rickey Kimbriel, it has not offered the same for his wife Paula Kimbriel. She has already been notified that on February 13, 2019, five unauthorized credit inquiries were made with banking institutions in four different states using her information.
Among its charges, the complaint claims violations of North Carolina’s Unfair or Fraudulent Business Practices law, breach of fiduciary duties, negligence, and breach of contract. It asks for additional credit monitoring, an injunction against similar behavior, and “nominal damages, compensatory damages, and/or punitive damages” in addition to interest, attorneys’ fees and costs, and other things.