fbpx

California Pizza Kitchen Employee PII Data Breach Class Action

This class action was initiated by two employees of California Pizza Kitchen, Inc. (CPK), who were required to give the company their personally identifiable information (PII) as a condition of employment. That PII—including their Social Security numbers, dates of birth, and financial information—has now been compromised by a data breach that the complaint alleges occurred because the company did not “implement adequate and reasonable cybersecurity protections and protocols that were necessary to protect the PII of current and former employees entrusted into [the company’s] custody and care.”

CPK is a chain of restaurants with more than 250 casual dining locations, distributed over thirty-two states and a number of countries.

In September 2021, it announced that it had discovered that unauthorized parties had obtained access to its computer systems. The Notice it put out said that “[o]n October 4, 2021, the investigation confirmed that certain files on [CPK’s] systems had been subject to unauthorized access.”

Even so, the complaint faults the company for delaying action, alleging that it did not notify the persons whose PII was compromised until around November 15, two months after it became aware of the breach.

The Maine Attorney General’s website called the event an “external system breached” and said that it had affected more than 100,000 people.

The complaint quotes a report by Risk Based Security, Inc. as saying that, as of the end of June 2020, the year was already the “worst year on record” for records exposed by data breaches. It alleges that CPK knew or should have known that there existed a high risk of a data breach and that it should have made sure that it had sufficient safeguards to protect its employees’ PII.

Once information is exposed, the complaint says, the victims must “live with the knowledge that their PII is forever in cyberspace” and accessible to thieves.

Despite this, CPK has offered only one year of credit monitoring to the victims.

A class and two subclasses have been defined for this action:

  • The National Class is all persons whose PII was exposed in the data breach, including all those who were sent Notices of the data breach.
  • The California Subclass is all persons in California whose PII was exposed in the data breach, including all those in California who were sent Notices of the data breach.
  • The Multi-State Subclass is all persons in Alaska, Arkansas, California, Colorado, Connecticut, Delaware, Washington D.C., Florida, Georgia, Hawaii, Idaho, Illinois, Iowa, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, North Carolina, North Dakota, Oklahoma, Oregon, Rhode Island, South Carolina, Tennessee, Texas, Utah, Virginia, Washington, Wisconsin, or Wyoming whose PII was exposed in the data breach, including all those in these states who were sent Notices of the data breach.
Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

California Pizza Kitchen Employee PII Data Breach Complaint

December 10, 2021

This class action was initiated by two employees of California Pizza Kitchen, Inc. (CPK), who were required to give the company their personally identifiable information (PII) as a condition of employment. That PII—including their Social Security numbers, dates of birth, and financial information—has now been compromised by a data breach that the complaint alleges occurred because the company did not “implement adequate and reasonable cybersecurity protections and protocols that were necessary to protect the PII of current and former employees entrusted into [the company’s] custody and care.”

California Pizza Kitchen Employee PII Data Breach Complaint

Case Event History

California Pizza Kitchen Employee PII Data Breach Complaint

December 10, 2021

This class action was initiated by two employees of California Pizza Kitchen, Inc. (CPK), who were required to give the company their personally identifiable information (PII) as a condition of employment. That PII—including their Social Security numbers, dates of birth, and financial information—has now been compromised by a data breach that the complaint alleges occurred because the company did not “implement adequate and reasonable cybersecurity protections and protocols that were necessary to protect the PII of current and former employees entrusted into [the company’s] custody and care.”

California Pizza Kitchen Employee PII Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy