This class action concerns a data breach that happened at Afni, Inc. in June 2022, exposing personally identifiable information (PII). The complaint faults Afni in two ways, alleging that the company failed to adequately protect the information in its systems and also that it failed to notify the individual victims for a full year, until June 2022.
A class and a subclass have been defined for this action:
- The Nationwide Class is all persons Afni identified as being among those individuals affected by the data breach, including all who were sent a notice of the data breach.
- The Employee Subclass is all persons who are current or former Afni employees whose PII was compromised in the data breach, including all who were sent a notice of the data breach.
The complaint describes Afni as an international entity that “serves the healthcare, insurance, and communications industries and offers consumer debt collection, customer assistance and engagement, back-office management, and insurance subrogation services.” To accomplish these functions, it collects and stores a great deal of private information.
The complaint quotes a blog post from Afni’s website promising the company will remain “committed to providing the highest level of safety and security [for] our clients and employee.” Nevertheless, the complaint alleges, “Afni’s failure to implement adequate cybersecurity to safeguard its employees’ and consumers’ PII left that PII in a vulnerable and dangerous condition and allowed the Data Breach to happen.”
Afni discovered “anomalous” activity in its network in June 2021, which the complaint alleges exposed the information of more than 260,000 people, including their names, dates of birth, Social Security numbers, and financial account or card numbers. However, the complaint alleges that a year passed before Afni began sending out notices in June 2022.
Even when Afni issued the notice, the complaint claims, it downplayed the event, telling them that cybercriminals “may” have accessed their information, that Afni was only telling them about it “out of an abundance of caution,” and that the company was “unaware of any actual or attempted identity theft or fraud” even though the affected individuals had known nothing about the data breach to date and would not have thought to report any incidents to Afni.
In addition, the complaint alleges that Afni’s notice did not include the information that financial account numbers and debit or credit card numbers had been compromised, a point that Afni did include in its notice to the Maine Attorney General.
The complaint alleges that the plaintiff for this class action, Nicole Prochnow, has “suffered seven attempts at fraud or identity theft since the Data Breach occurred in June 2021.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Afni Data Breach Complaint
September 29, 2022
This class action concerns a data breach that happened at Afni, Inc. in June 2022, exposing personally identifiable information (PII). The complaint faults Afni in two ways, alleging that the company failed to adequately protect the information in its systems and also that it failed to notify the individual victims for a full year, until June 2022.
Afni Data Breach ComplaintCase Event History
Afni Data Breach Complaint
September 29, 2022
This class action concerns a data breach that happened at Afni, Inc. in June 2022, exposing personally identifiable information (PII). The complaint faults Afni in two ways, alleging that the company failed to adequately protect the information in its systems and also that it failed to notify the individual victims for a full year, until June 2022.
Afni Data Breach Complaint