ArbiterSports Ransom Attack and Data Breach Class Action

ArbiterSports, LLC helps facilitate sports events for youths, K-12 schools, and institutions of higher education. Unfortunately, the company experienced a data breach in 2020. The central contention in this class action is that ArbiterSports “failed to utilize and implement the most basic security precautions to protect its users’ data from attackers.”

The Nationwide Class for this action is all individuals living in the US whose personal information was given to ArbiterSports and was kept in its database, and whose information was accessed, compromised, or stolen in the data breach announced on August 24, 2020.

The complaint calls Arbiter Sports “a sports software company” that helps schools and sports leagues put on athletic events. It does this by, among other things, assigning sports officials and event workers, paying them, and informing those participating in the events.

Sports officials and event workers must register with the company in order to receive assignments to and pay for the events. The information they’re asked to provide includes names, contact information, Social Security numbers, and, for most of them, personal banking information. Arbiter Sports maintains the information of around 540,000 people in its database.

According to the complaint, the company has “held its platform, software and services out to the public … a being ‘safe,’ and has represented that it utilizes ‘industry standards’ with respect to data security practices and that ArbiterSports’ website is in compliance with federal and states statutes and regulations.”

On the contrary, the complaint alleges, “Despite the fact that ArbiterSports was storing such highly sensitive and confidential personal information in its Database, AribterSports fialed to utilize and implement the most basic security precautions to protect its users’ data from attackers.”

ArbiterSports announced the data breach in a notice to users on August 25, 2020, saying it had “recently identified and addressed a data security incident” that exposed information such as names, passwords, dates of birth, and Social Security numbers. According to the complaint, the attacker was able to decrypt encrypted information and “reportedly demanded a ransom for the deletion of the files…. ArbiterSports reported that it had reached an agreement with the attacker and, presumably, paid a ransom, and received ‘confirmation’” that the attacker had deleted the files.

The complaint alleges, “ArbiterSports failed to take the most basic industry-accepted data security precautions that would have prevented the attacker from accessing the ArbiterSports Database…. Instead, ArbiterSports used grossly inadequate computer systems and data security practices….”

After that, it says, “ArbiterSports compounded its failure by then failing to adequately provide timely and accurate notice….” Instead, it let two months pass before it informed the individual victims of the data breach. When it finally did so, the complaint alleges that it claimed to have “identified and addressed” the incident, “thus improperly misrepresenting and/or suggesting to its users … that it had rectified the problem, when it clearly had not.”

The counts include negligence and gross negligence, among other things.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

ArbiterSports Ransom Attack and Data Breach Complaint

October 19, 2020

ArbiterSports, LLC helps facilitate sports events for youths, K-12 schools, and institutions of higher education. Unfortunately, the company experienced a data breach in 2020. The central contention in this class action is that ArbiterSports “failed to utilize and implement the most basic security precautions to protect its users’ data from attackers.”

ArbiterSports Ransom Attack and Data Breach Complaint

Case Event History

ArbiterSports Ransom Attack and Data Breach Complaint

October 19, 2020

ArbiterSports, LLC helps facilitate sports events for youths, K-12 schools, and institutions of higher education. Unfortunately, the company experienced a data breach in 2020. The central contention in this class action is that ArbiterSports “failed to utilize and implement the most basic security precautions to protect its users’ data from attackers.”

ArbiterSports Ransom Attack and Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy