Aon, plc’s website describes the company as offering “risk advisory, risk transfer and structured solutions that help organizations and individuals better identify, quantify, and manage their risk exposure.” Unfortunately, it seems to have overlooked the modern-day risk of cyberattacks. The complaint alleges that the company failed to take adequate measures to safeguard the personally identifiable information (PII) and protected health information (PHI) it kept on file.
The class for this action is all US residents whose private information was actually or potentially accessed or acquired in the data breach event in the Notice of Data Breach Aon put out on or about June 13, 2022.
On its website, Aon calls itself “a leading global professional services firm providing a broad range of risk, retirement, and health solutions.” It has around 50,000 employees in 120 countries.
The cyber incident came to the company’s attention on February 25, 2022. It then undertook an investigation that showed that an unauthorized third party had accessed some of its systems at various points from December 29, 2020 and February 26, 2022. The company said that the stolen data included various kinds of PII, including names, dates of birth, Social Security numbers, and benefit enrollment information.
The complaint asserts, “This Private Information was compromised due to [Aon’s] negligent and/or careless acts and omissions and the failure to protect the Private Information” the company held in its system.
According to the complaint, even though Aon discovered the data breach in February, it did not send out notices of the data breach until on or about May 27, 2022, “even though [Aon] is well aware of the need to move quickly in responding to data breach events.”
The stolen PII and PHI was unencrypted, the complaint alleges, and will probably end up for sale on the dark web, since that is what hackers normally do with stolen information. Social Security numbers, the complaint claims, are particularly sought after by and valuable to identity thieves.
Data breaches have been the subject of public announcements and warnings in recent years as their number has grown. The complaint alleges that Aon “could have prevented this Data Breach by properly securing and encrypting the systems containing the PII…. Alternatively, [Aon] could have destroyed the data, especially for individuals with whom it had not had a relationship for a period of time.”
Aon has offered the individual victims of its data breach only twelve months’ worth of identity and credit monitoring services, which the complaint claims is “inadequate to protect [them] from the threats they face for years to come…”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Aon Data Breach Exposes PII and PHI Complaint
July 1, 2022
Aon, plc’s website describes the company as offering “risk advisory, risk transfer and structured solutions that help organizations and individuals better identify, quantify, and manage their risk exposure.” Unfortunately, it seems to have overlooked the modern-day risk of cyberattacks. The complaint alleges that the company failed to take adequate measures to safeguard the personally identifiable information (PII) and protected health information (PHI) it kept on file.
Aon Data Breach Exposes PII and PHI ComplaintCase Event History
Aon Data Breach Exposes PII and PHI Complaint
July 1, 2022
Aon, plc’s website describes the company as offering “risk advisory, risk transfer and structured solutions that help organizations and individuals better identify, quantify, and manage their risk exposure.” Unfortunately, it seems to have overlooked the modern-day risk of cyberattacks. The complaint alleges that the company failed to take adequate measures to safeguard the personally identifiable information (PII) and protected health information (PHI) it kept on file.
Aon Data Breach Exposes PII and PHI Complaint