fbpx

CohnReznick Inadequate Measures Against Data Breach Class Action

CohnReznick, LLP offers its customers professional services, including accounting and tax services. The complaint for this class action alleges that the company did not take adequate measures to protect its clients’ customers’ information from a data breach that took place in February and March of 2021.

The class for this action is all natural persons living in the US whose PII was compromised in the data breach which took place between February 26and March 5, 2021 and announced on or around June 1, 2021. A California Subclass has also been defined, for those living in California.

Despite the fact that the data breach took place early in the year, CohnReznick did not take any measures to notify the victims quickly. The data exposed included personally identifiable information (PII) including names and Social Security numbers.

The complaint quotes a blog post from CohnReznick’s National Director of Cybersecurity, Technology Risk, and Privacy Practice, just a few months before the data breach occurred, as saying, “The overarching lesson to be learned from these [cyberattacks] is that it’s critical to fully understand the security of all of the third parties in your business ecosystem. Each partner represents an individual point of risk, and a breach of one can spread to other partners, vendors, and customers. Nevertheless, you own the risk and responsibility for protecting your assets…”

Also on its website, the company promises that it “will implement appropriate technical and organizational security measures designed to protect against the accidental loss, destruction, damage and/or unauthorized use of personal information.”

However, the complaint alleges that the data breach happened because of CohnReznick’s “negligent and/or careless acts and omissions and their failure to adequately protect the PII.” It claims that the company failed to (1) protect the PII, (2) warn its customers and others that it had inadequate security practices, and (3) “effectively monitor their websites and platforms for security vulnerabilities and incidents.”

The complaint also claims that the company did not comply with industry standards or the Federal Trade Commission (FTC) guidelines for data security practices. The complaint cites the FTC publication Protecting Personal Information: A Guide for Business, which provides specific measures that businesses should take to safeguard information.

According to the complaint, “The FTC has brought enforcement actions against businesses for failing to protect consumer data adequately and reasonably, treating the failure to employ reasonable and appropriate measures to protect against unauthorized access to confidential consumer data as an unfair act or practices prohibited by Section 5 of the Federal Trade Commission Act…”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

CohnReznick Inadequate Measures Against Data Breach Complaint

August 2, 2021

CohnReznick, LLP offers its customers professional services, including accounting and tax services. The complaint for this class action alleges that the company did not take adequate measures to protect its clients’ customers’ information from a data breach that took place in February and March of 2021.

CohnReznick Inadequate Measures Against Data Breach Complaint

Case Event History

CohnReznick Inadequate Measures Against Data Breach Complaint

August 2, 2021

CohnReznick, LLP offers its customers professional services, including accounting and tax services. The complaint for this class action alleges that the company did not take adequate measures to protect its clients’ customers’ information from a data breach that took place in February and March of 2021.

CohnReznick Inadequate Measures Against Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy