fbpx

Accellion Data Breach and Large Exposure of PII Class Action

The complaint for this class action alleges that Accellion, Inc. bears responsibility for a December 2020 data breach involving its Accellion FTA file transfer system. According to the complaint, Accellion advertised that the system “helps worldwide enterprises … transfer large and sensitive files securely using a private cloud, on-premise[s] or hosted” and also appears to have underestimated the number of people affected by the data breach.

The Nationwide Class is all individuals in the US whose PII was exposed as a result of the compromising of Accellion FTA sometime around December 20, 2020.

However, in December 2020 accessed files that customers had shared with Accellion FTA. The files contained personally identifying information (PII), including, among other things, Social Security numbers, bank account numbers, dates of birth, and employment information.

The complaint contends, “By obtaining, collecting, using, and deriving a benefit from Plaintiff’s and Class Members’ PII, [Accellion] assumed legal and equitable duties to those individuals.” It alleges that Accellion did not properly protect the PII in its possession, did not warn of its inadequate security practices, and did not “effectively secure hardware containing protected PII using reasonable and effective security procedures free of vulnerabilities and incidents. [Accellion’s] conduct amounts to negligence and violates federal and state statutes.”

The data breach purportedly occurred on December 20, 2020; Accellion claims it notified Accellion FTA customers three days later.

It also claimed on January 12, 2021 that it had fixed a vulnerability in the system and “released a patch within 72 hours to the [fewer] than 50 customers affected.” However, the complaint finds certain signs that this is not exactly true. For example, that same month, the Australian Securities and Investments Commission announced that they had been affected by the breach and that it had just learned about it on January 15.

Around February 1, 2021, the Office of the Washington State Auditor (SAO) announced that it too had been a victim of the data breach. The complaint quotes it as saying, “Some of the SAO data files contained personal information of Washington state residents who filed unemployment insurance claims in 2020.” The SAO confirmed that Washington State Employment Security Department (ESD) information was compromised in the data breach.

Similarly, the University of Colorado announced on February 9, 2021 that it had also been “one of some 300 Accellion customers that were affected by the attack” and that the data compromised involved students, employees, and possibly “limited health and clinical data….” as well. The data breach therefore appears to have exposed the information of far more than fifty customers.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Accellion Data Breach and Large Exposure of PII Complaint

February 18, 2021

The complaint for this class action alleges that Accellion, Inc. bears responsibility for a December 2020 data breach involving its Accellion FTA file transfer system. According to the complaint, Accellion advertised that the system “helps worldwide enterprises … transfer large and sensitive files securely using a private cloud, on-premise[s] or hosted” and also appears to have underestimated the number of people affected by the data breach.

Accellion Data Breach and Large Exposure of PII Complaint

Case Event History

Accellion Data Breach and Large Exposure of PII Complaint

February 18, 2021

The complaint for this class action alleges that Accellion, Inc. bears responsibility for a December 2020 data breach involving its Accellion FTA file transfer system. According to the complaint, Accellion advertised that the system “helps worldwide enterprises … transfer large and sensitive files securely using a private cloud, on-premise[s] or hosted” and also appears to have underestimated the number of people affected by the data breach.

Accellion Data Breach and Large Exposure of PII Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy