fbpx

Canon USA Data Breach with Employee Information Class Action

Canon USA, Inc. provides digital imaging for the US, Latin America, and the Caribbean. The company experienced a serious ransomware attack in the summer of 2020, during which attackers accessed about Canon’s current and former employees. The complaint for this class action alleges that Canon’s own “security failures enabled the hackers to execute the Canon Data Breach and steal” Canon employees’ private information.

The Canon Data Breach Class for this action is all present and previous employees of Canon and their beneficiaries whose private information was exposed in the data breach that Canon announced in August and November 2020. A California Subclass has also been defined for those of the above class who live in California.

The attack supposedly took place between July 20 August 6, 2020, although Canon only became aware of it on August 4, 2020. The attacker gained “access to files … containing fifteen years’ worth of personal, sensitive and confidential information about Canon’s current and former employees, and their beneficiaries and dependents…”

The information included personal identifying information (PII) such as names, Social Security numbers, dates of birth, and driver’s license or government-issued ID numbers, as well as personal financial information (PFI) such as bank account numbers and electronic signatures.

Unfortunately, although it knew about the hack on August 6, it did not make a public announcement on it until November 25—three months later.

The complaint claims that the data breach was Canon’s fault, “caused and enabled by [Canon’s] violations of its obligations to abide by best practices and industry standards concerning the security of Private Information.”

Ironically, the complaint says that a “significant portion of Canon’s business products are geared towards the protection of sensitive data and documents.” The complaint quotes Canon’s own product materials as saying, “From identity theft and intellectual property loss to infection by viruses and malware, IT administrators are tasked with adequately protecting information and assets from threats from the outside as well as within.”

The complaint therefore portrays Canon as “knowing full well” that its own systems were at risk of hacks and attacks. It alleges that Canon failed to follow guidelines set forth in publications from the Federal Trade Commission (FTC). In particular, the FTC’s “Protecting Personal Information: A Guide for Business” sets out data security principles and practices.

The counts include negligence, negligence per se, breach of implied contract, and violation of California’s Unfair Competition Law, among other things.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Canon USA Data Breach with Employee Information Complaint

February 25, 2021

Canon USA, Inc. provides digital imaging for the US, Latin America, and the Caribbean. The company experienced a serious ransomware attack in the summer of 2020, during which attackers accessed about Canon’s current and former employees. The complaint for this class action alleges that Canon’s own “security failures enabled the hackers to execute the Canon Data Breach and steal” Canon employees’ private information.

Canon USA Data Breach with Employee Information Complaint

Case Event History

Canon USA Data Breach with Employee Information Complaint

February 25, 2021

Canon USA, Inc. provides digital imaging for the US, Latin America, and the Caribbean. The company experienced a serious ransomware attack in the summer of 2020, during which attackers accessed about Canon’s current and former employees. The complaint for this class action alleges that Canon’s own “security failures enabled the hackers to execute the Canon Data Breach and steal” Canon employees’ private information.

Canon USA Data Breach with Employee Information Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy