Accutech Systems Exposure of Client and Customer PII Class Action

Accutech Systems Corporation purports to be a technology company that offers personalized technology services to banks and wealth management institutions. But the complaint for this class action alleges that “Accutech itself failed to invest in adequate data security, thereby allowing hackers to exfiltrate the highly-sensitive personal and financial information of approximately 40,000 individuals” in a data breach in August 2021.

The class for this action is all persons in the US whose PII was accessed in the data breach. A Colorado Subclass has also been defined for those who are residents of Colorado.

The complaint alleges, “On information and belief, at the time of the Data Breach, and despite its claims that it is experienced in detecting anomalous data activity … and providing ‘data disaster services,’ Accutech had failed to implement necessary data security safeguards” to protect the personally identifiable information (PII) it had on file.

The data breach took place on August 16, 2021, the complaint alleges, when cyber criminals got into the company’s systems and stole the personally identifiable information (PII) of nearly 40,000 people.

According to the complaint, the company did not notice the data breach until around December 27, more than four months later. The complaint alleges, “The Data Breach also highlights the inadequacies inherent in Accutech’s network monitoring procedures.”

To make matters worse, the complaint alleges that Accutech did not notify the individual victims that their information had been stolen until February 7, 2022, more than six months later.

Information revealed for the company’s clients and their customers, the complaint says, included names and Social Security numbers. However, the complaint alleges, “Accutech has not yet acknowledged the full extent of PII that was improperly access by unauthorized parties…” For example, the complaint says, Accutech’s filing with the Maine Attorney General said that the hackers also gained access to financial account numbers and credit and debit card numbers, along with security codes, passwords, and the like for the accounts.

According to the complaint, “collecting, maintaining, and protecting PII is vital to virtually every aspect of Accutech’s operations as a technology firm providing services to hundreds of wealth management and financial institution clients. Accutech acknowledged through its conduct and statements that the misuse or inadvertent disclosure of PII can pose major privacy and financial risks to impacted individuals…”

The complaint alleges, “Accutech could have prevented this Data Breach by properly encrypting or otherwise protecting their equipment and network files containing PII.”

Accutech offered the victims a one-year membership in Experian Identity Works, but the complaint alleges that the victims’ “PII, including their Social Security numbers, cannot be changed and will remain at risk long beyond one year.”

Article Type: Lawsuit
Topic: Privacy
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy