Deep Root Analytics Stolen Information Class Action

It’s one thing when hackers breach protections and steal personally identifiable information (PII), but it’s another when a company puts PII online without so much as password protection. That’s where the allegations start in this class action against Deep Root Analytics, LLC.

Two classes have been initially defined for this class action. The nationwide class includes all persons living in the US whose private information was disclosed in the 2017 Deep Root data breach. The Florida class includes all persons living in Florida whose private information was disclosed in the data breach.

Because political parties need information on voters in order to win elections, the Republican National Committee (RNC) hired Deep Root Analytics as a data contractor. According to the complaint, Deep Root collected PII on nearly 200 million Americans, including their names, addresses, e-mail addresses, dates of birth, browsing history, and voter ID numbers. The data allegedly included sensitive information analyzing where voters stood on controversial issues such as gun control and abortion, as well as information that other data analytics contractors had collected for the RNC from the 2008 and 2012 elections.

Despite the sensitive detail of this information, the complaint alleges that Deep Root did not take proper measures to safeguard it. UpGuard cyber risk analyst Chris Vickery has written a report claiming that Deep Root stored this information on a cloud server without so much as password protection.

Thus, the complaint alleges, anyone in the world could have accessed this information during the early part of June, and it therefore comprises the largest leak of US voter data in history.

However, the complaint says, Deep Root did not inform victims in a timely manner that their information had been stolen. According to the complaint, it commented on the data breach only after the UpGuard report appeared, and it has also failed to provide timely, adequate notice of what types of PII were stolen.

The complaint claims that Deep Root was negligent in ignoring standard information security principles and in allowing unrestricted and unmonitored access to the information. The complaint alleges that the company did not take proper measures even though the lack of safeguards made it likely that the information would be gathered, misused, and/or disclosed by other parties without proper consent. Among the problems with this kind of breach are invasions of privacy and the danger of identity theft, which can take victims years to discover and resolve.

The complaint therefore alleges that Deep Root is guilty of two counts of negligence.

Article Type: Lawsuit

Most Recent Case Event

Deep Root Analytics Stolen Information Complaint

June 21, 2017

The complaint for the Deep Root Analytics Stolen Information Class Action alleges that when the Republican National Committee hired Deep Root to collect and analyze voter data, Deep Root did not take standard information protection measures, leading to a data breach. The complaint also alleges that Deep Root failed to inform victims of the breach in a timely and adequate manner or to inform them of exactly what kind of information was stolen.

deep_root_data_exposure_complaint.pdf

Tags: Exposing Private Information, Inadequate internal system/oversight, Inadequately secured information, Your Privacy