Failure to Inform Promptly of Data Breach
Data breaches are becoming all too common these days, and consumers are expecting a certain standard of behavior to follow. The complaint for this class action alleges that Carl’s Golfland, Inc. experienced a data breach, and that it neither stopped the unauthorized access immediately nor informed customers promptly.
Laboratory Corporation of America (LCA), Quest Diagnostics Incorporated, and Optum360 Services, Inc. have recently been hit with class actions related to a data breach of their debt collector’s systems. This is another such case, with a new legal name for the debt collector: Retrieval Masters Creditors Bureau, Inc. (RMCB), usually referred to as American Medical Collection Agency.
Are data breaches getting bigger, involving more and more people? The complaint for this class action claims that information for one hundred million people was exposed in the data breach involving Capital One Financial Corporation, Capital One, NA, and Capital One Bank (USA), NA. It claims that Capital One should be held responsible for not properly protecting the
Quest Diagnostics calls itself “the world’s leading provider of diagnostic information services.” LabCorp is also a global laboratory offering diagnostic services. Quest uses Optum360, LLC for billing collections, and both Optum and LabCorp use AMCA for collections. This means that when AMCA suffered an extended data breach, medical and personally identifying information (PII) for millions of people was exposed.
Quest Diagnostics Incorporated is one of the leading medical laboratory services company in the country. But it subcontracted collection work to a company called Optum360, LLC, which in turn subcontracted work to Retrieval-Masters Creditors Bureau, Inc. (RMCB). The result? The personal information of Quest customers was exposed in a data breach at a company they had never given their information to.
Data breaches are bad enough. But when a company does not promptly tell customers that their information has been exposed, people get angry. The complaint for this class action alleges that Five Below, Inc. suffered a data breach and waited for a month before telling its customers.
The complaint for this class action alleges that Marriott International, Inc. failed to use industry-standard security measures and failed to encrypt sensitive personal information. It also claims that Marriott failed to notice the data breach for as long as four years.
Data breaches have become serious hazards for companies who store information and for their employees and customers. It seems therefore all the more maddening when data breaches occur not because of sophisticated hacking techniques but because of gullibility to phishing, as the complaint for this class action charges in the case of the data breach at ABM Industries, Inc. Personal and biometric information was stolen, but the company did not inform employees until seven months after the breach was discovered.
The complaint for this class action claims that in the past five years, almost every major data breach at retail chain stores has involved malware on point of sale (POS) systems—yet retailers still do not take adequate precautions to vulnerable protect customer data. In this case, it was Saks & Company’s systems that were breached, and the issue is not only the breach but Saks’s failure to detect it or properly inform customers for nearly a year.
When you discover that your company’s systems have been hacked, do you (a) announce it, investigate, and hope to punish those responsible, or (b) pay the hackers $100,000 to keep quiet about it? The complaint for this class action claims that Uber chose to bribe the criminals who stole customer and driver data. The complaint claims that Uber failed to safeguard customers’ and drivers’ information and is therefore guilty of negligence and breach of implied contract.