Exposing Private Information
This settlement resolves a class action brought by current and former employees of TransPerfect Global, Inc., claiming that the company was the victim of a phishing attack sometime around January 17, 2017. This resulted in a data breach and the exposure of the data and payroll information of employees of the company and certain of its affiliates.
Data breaches have become serious hazards for companies who store information and for their employees and customers. It seems therefore all the more maddening when data breaches occur not because of sophisticated hacking techniques but because of gullibility to phishing, as the complaint for this class action charges in the case of the data breach at ABM Industries, Inc. Personal and biometric information was stolen, but the company did not inform employees until seven months after the breach was discovered.
The complaint for this class action claims that in the past five years, almost every major data breach at retail chain stores has involved malware on point of sale (POS) systems—yet retailers still do not take adequate precautions to vulnerable protect customer data. In this case, it was Saks & Company’s systems that were breached, and the issue is not only the breach but Saks’s failure to detect it or properly inform customers for nearly a year.
Aetna, Inc., Aetna Life Insurance Company, and Aetna Specialty Pharmacy, LLC have agreed to settle a class action that alleges two instances of potential breaches of privacy.
Under Armour, Inc. (UA) is known for its sports-related clothing. For a number of years, it has been offering customers apps such as MyFitnessPal and MapMyFitness that allow them to track the food they eat and their fitness-related actions. Unfortunately, the apps have suffered one of the largest data breaches to date that has exposed the personally identifying information (PII) of an estimated 150 people.
It’s yet another data theft case, this time involving a phishing scam at Allconnect, Inc. According to the complaint for this class, an employee at Allconnect received an e-mail that was supposedly from the president of the company asking for “all 2017 Allconnect employee W-2 information.” The employee complied, sending the impostor the personally identifying information (PII) of the company’s employees, including names, Social Security numbers, and wage and withholding information. The complaint claims that the scam was a well-known one that human resources and accounting professionals should have known about.
Seagate is settling a class action related to a phishing attack that occurred on or around March 1, 2016. The attack exposed the 2015 Form W-2 data of employees who worked for Seagate or certain affiliated companies during 2015. According to the complaint, fraudulent tax returns were filed in some employees’ names, sometimes jointly in their spouses’ names as well.
Six plaintiffs bring this class action against Panera Bread Company for allegedly leaving their personal identifying information available in plain text. Customers were required to surrender this information when setting up the Panera Rewards or MyPanera accounts. Panera not properly safeguard this information, the complaint claims, and after it was informed of the problem, it ignored it for eight months. The counts in the complaint include violations of the Illinois Personal Information Protection Act and Consumer Fraud and Deceptive Business Practices Act as well as the tort of intrusion upon seclusion, breach of contract, negligence, and violation of the right of privacy.
This class action alleges that Facebook, Inc. allowed Cambridge Analystica, LLC (CA) to mine the data of some 50 million Facebook users, for the purpose of influencing voters in what the complaint calls “an unprecedented attack on democracy”—not to mention an unprecedentedly massive misuse of personal information. Facebook has admitted that most of its users have likely had their information scraped by outsiders, which the complaint claims is a violation of the Stored Communications Act, the Alabama Deceptive Trade Practices Act, and common law.
The Academy of Art University (AAU) was fooled by a spoofing scam in April 2016, sending out IRS wage and tax statements of roughly 3,000 current and former AAU employees to a stranger. The information sent included names, addresses, dates of birth, wages, and Social Security numbers.