fbpx

Accellion FTA File Transfer Appliance Data Breach Class Action

A number of class actions have been filed in recent months against companies who had data breaches relating to the use of Accellion, Inc.’s File Transfer Appliance (FTA). This class action brings suit directly against Accellion because of vulnerabilities in the FTA system that it has not addressed.

The Nationwide Class for this action is all residents of the US whose PII was exposed to unauthorized persons because of the Accellion data breach in December 2020 and January 2021.

According to the complaint, Accellion claims that its FTA product helps “worldwide enterprises … transfer large and sensitive files[.]” Accellion’s customers included law firms, government entities, universities, medical providers, and large corporations. Among the sensitive files it helped transfer were files of its clients that contained personally identifying information (PII).

“In December 2020,” the complaint alleges, “an unauthorized person exploited two vulnerabilities in Accellion’s FTA software to access the files and data that numerous customers of [Accellion], including Kroger, had stored on or shared with Accellion FTA…”

On December 20 of that same month, Accellion devised software patches to address these vulnerabilities and to check its systems more often for irregular activity.

However, the complaint alleges that vulnerabilities still remained. In January 2021, another unauthorized person took advantage of two more vulnerabilities in the software to again get to data and files that were stored on, or shared by customers through, Accellion’s FTA.

Among Accellion’s affected customers were the Reserve Bank of New Zealand, Australian Securities and Investments Commission, Washington State Auditor’s Office, Jones Day, Flagstar Bank, Royal Dutch Shell, Stanford University, and Harvard Business School.

The files the company’s customers transferred with FTA included a large amount of PII, including Social Security numbers, driver’s license or state ID numbers, bank account and routing numbers, medical and academic records, places of employment, and salary information.

The complaint alleges, “Already, information obtained as a result of the Data breach, including Social Security numbers, tax information, academic records, and medical records, have been posted on a website called Clop that is run by cybercriminals and that is known to publish samples of stolen data and then demand a ransom not to publish the rest of the information.”

Accellion’s FTA is a twenty-year-old product which has its “end of life” scheduled for April 30, 2021. Accellion’s operating software, Centos 6, had an even earlier end of life date that had been announced as November 30, 2020. This meant that Accellion would have difficulty supporting FTA after that date.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Accellion FTA File-Sharing System Data Breach Complaint

July 22, 2021

A number of class actions have been filed in recent months against companies who had data breaches relating to the use of Accellion, Inc.’s File Transfer Appliance (FTA). This class action brings suit directly against Accellion because of vulnerabilities in the FTA system that it has not addressed.

Accellion FTA File-Sharing System Data Breach Complaint

Case Event History

Accellion FTA File-Sharing System Data Breach Complaint

July 22, 2021

A number of class actions have been filed in recent months against companies who had data breaches relating to the use of Accellion, Inc.’s File Transfer Appliance (FTA). This class action brings suit directly against Accellion because of vulnerabilities in the FTA system that it has not addressed.

Accellion FTA File-Sharing System Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy