This class action brings suit against American Financial Resources, Inc. (AFR), alleging that the company failed to take reasonable care to safeguard the personally identifiable information (PII) of those who used its services.
The Nationwide Class for this action is all persons in the US whose private information was compromised in the data breach discovered or around December 2021 and who were sent notices of the data breach. A Pennsylvania Subclass has also been defined, for those in the above class living in Pennsylvania.
The plaintiff in this case, Dorothy Zelenski, has a home loan that is serviced by AFR.
The complaint alleges, “In maintaining Plaintiff Zelenski’s information, [AFR] expressly and impliedly promised to safeguard Plaintiff Zelenski’s PII.” Unfortunately, the complaint alleges that AFR did not take proper measures to do this, so that it was exposed in a data breach.
According to the complaint, the security incident occurred between December 6 and December 20, 2021, when an unauthorized person accessed AFR’s systems, stealing names, Social Security numbers, and driver’s license numbers. The complaint says AFR’s investigation of the incident ran until February 4, 2022 and that notices of the data breach were sent out in March.
The complaint alleges that AFR “offered no explanation for the delay between the initial discovery of the Breach and the belated notification to affected customers, which resulted in Plaintiff and Class members suffering harm they otherwise could have avoided had a timely disclosure been made.”
The complaint calls the notices “woefully deficient,” because it did not provide information about, for example, “how unauthorized parties accessed its networks, whether the information was encrypted or otherwise protected, how it learned of the Data Breach, whether the breach occurred system-wide, whether servers storing information were access, and how many customers were affected by the Data Breach.”
“Even worse,” the complaint alleges, “AFR offered only one year of identity monitoring … which required their disclosure of additional PII with which AFR had just demonstrated it could not be trusted.”
The complaint claims that the breach occurred because AFR did not take sufficient measures to prevent it, in spite of receiving warnings that financial companies were likely targets of cyberattacks.
The Federal Trade Commission (FTC) updated its customer information Safeguards Rule in 2021, but the complaint alleges that AFR did not comply with FTC guidelines. It claims that the FTC has brought enforcement actions against businesses that have failed to properly protect customer information, deeming it an unfair act or practice under the Federal Trade Commission Act.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
American Financial Resources Exposure of Customer Data Complaint
April 26, 2022
This class action brings suit against American Financial Resources, Inc. (AFR), alleging that the company failed to take reasonable care to safeguard the personally identifiable information (PII) of those who used its services.
American Financial Resources Exposure of Customer Data ComplaintCase Event History
American Financial Resources Exposure of Customer Data Complaint
April 26, 2022
This class action brings suit against American Financial Resources, Inc. (AFR), alleging that the company failed to take reasonable care to safeguard the personally identifiable information (PII) of those who used its services.
American Financial Resources Exposure of Customer Data Complaint