Afni, Inc. was founded in 1930, says the complaint for this class action, offering debt collection, insurance subrogation, and other services. But the complaint alleges that the company experienced a data breach in June 2021, exposing the personally identifiable information (PII) of employees and others. Unfortunately, the complaint alleges that Afni did not provide notice of the data breach to individual victims until June 2022.
The Nationwide Class for this action is all individuals living in the US whose PII was compromised in the data breach. Also defined is an Employee Subclass, which is all individuals living in the US who are current or former Afni employees whose PII was compromised in the data breach.
The complaint quotes from an article and a blog post on Afni’s website say that the company knows that “[r]isk management and information security are more critical than ever” and promising to stay “committed to providing the highest level of safety and security [for] our clients and employees.”
Even so, the data breach exposed the information of more than 261,000 individuals. The complaint alleges, “Afni’s misconduct violates Illinois law, not only because it failed to protect individuals’ PII, but also because Afni withheld notifying them about the breach for over one year.” In fact, Afni did not send out the notice of the data breach until June 2022.
When it did send it, the complaint alleges that Afni downplayed the danger involved for the individual victims, saying that the cybercriminals “may” have viewed or taken their data and that Afni was informing them “out of an abundance of caution.” The complaint further claims that Afni did not make certain other things clear, such as whether the attack was a ransomware attack, whose PII was taken, and whether Afni had done anything to improve its cybersecurity since the event.
Even worse, the complaint alleges that Afni did not include in the notice the fact that the hackers had accessed financial account information, including credit or debit card numbers, security codes, and passwords or PIN numbers.
The plaintiff for this class action, Clara Owens, is a former Afni employee. After the data breach, but before Afni had sent out its notice, Owens was a victim of identity theft. In June 2021, the complaint claims, after the data breach had taken place, an unknown party filed an unemployment insurance claim in her name, without her authorization.
The complaint alleges that Owens “was recently unemployed and had recently submitted an unemployment claim. [Owens] never received any payments from the claim but the person who filed the claim received payment due to the fraudulent claim.”
The complaint faults Afni for failing to safeguard the PII in its systems.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Afni Exposure of PII in Data Breach Complaint
September 2, 2022
Afni, Inc. was founded in 1930, says the complaint for this class action, offering debt collection, insurance subrogation, and other services. But the complaint alleges that the company experienced a data breach in June 2021, exposing the personally identifiable information (PII) of employees and others. Unfortunately, the complaint alleges that Afni did not provide notice of the data breach to individual victims until June 2022.
Afni Exposure of PII in Data Breach ComplaintCase Event History
Afni Exposure of PII in Data Breach Complaint
September 2, 2022
Afni, Inc. was founded in 1930, says the complaint for this class action, offering debt collection, insurance subrogation, and other services. But the complaint alleges that the company experienced a data breach in June 2021, exposing the personally identifiable information (PII) of employees and others. Unfortunately, the complaint alleges that Afni did not provide notice of the data breach to individual victims until June 2022.
Afni Exposure of PII in Data Breach Complaint