fbpx

Morley Companies Data Breach Compromises Information Class Action

Morley Companies, Inc. offers services to other businesses, internationally, including such things as business process outsourcing, meeting planning, and exhibit and display producing. The subject of this class action, however, is a data breach of Morley’s systems and the company’s responsibility in “failing to properly safeguard and protect … personal identifiable information and thereby enabling cyber criminals to steal such valuable and sensitive information.”

The class for this action is all persons whose PII or PHI was compromised as a result of the data breach at Morley.

Morley’s “unlawful, willful and wanton failure to protect” the personally identifiable information (PII) in its systems, the complaint alleges, resulted in the exposure of the PII in a data breach that was discovered on August 1, 2021. On that day, the complaint claims, Morley learned that it was the subject of a ransomware malware attack on its systems.

With the help of computer specialists, Morley investigated the attack. On January 18, 2022, the complaint alleges, “the investigation confirmed that certain files on Morley’s systems had been accessed without authorization. The forensic investigation further determined that one or more of the potentially impacted folders contained” the PII of more than 521,000 people.

The information exposed, the complaint claims, included names, addresses, Social Security numbers, dates of birth, medical diagnostic and treatment information, and protected health information (PHI).

According to the complaint, “PHI is particularly valuable because criminals can use it to target victims with frauds and scams that take advantage of the victim’s medical conditions or victim settlements.” Cybercriminals can sell stolen information, or post on the Internet, making it publicly available.

The complaint alleges that the plaintiff in this action, Gale Marie Jackson, will be at risk of identity theft for the rest of her life: “As a direct and proximate result of the Data Breach, [Jackson] will likely need to purchase a lifetime subscription for identity theft protection and credit monitoring.”

The complaint claims that Morley was aware of the risks of cyberattacks, with companies that hold medical information being prime targets for attacks. It also claims that the attack was preventable, quoting Lucy Thompson in the Data Breach and Encryption Handbook as saying, “In almost all cases, the data breaches that occurred could have been prevented by proper planning and the correct design and implementation of appropriate security solutions.”

The Federal Trade Commission (FTC) has put out guidelines for reasonable security practices for businesses. The complaint alleges, “Upon information and belief, Morley failed to maintain many reasonable and necessary industry standards necessary to prevent a data breach, including [those in] the FTC’s guidelines. Upon information and belief, Morley also failed to meet the minimum standards of” certain other frameworks as well.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Morley Companies Data Breach Compromises Information Complaint

March 3, 2022

Morley Companies, Inc. offers services to other businesses, internationally, including such things as business process outsourcing, meeting planning, and exhibit and display producing. The subject of this class action, however, is a data breach of Morley’s systems and the company’s responsibility in “failing to properly safeguard and protect … personal identifiable information and thereby enabling cyber criminals to steal such valuable and sensitive information.”

Morley Companies Data Breach Compromises Information Complaint

Case Event History

Morley Companies Data Breach Compromises Information Complaint

March 3, 2022

Morley Companies, Inc. offers services to other businesses, internationally, including such things as business process outsourcing, meeting planning, and exhibit and display producing. The subject of this class action, however, is a data breach of Morley’s systems and the company’s responsibility in “failing to properly safeguard and protect … personal identifiable information and thereby enabling cyber criminals to steal such valuable and sensitive information.”

Morley Companies Data Breach Compromises Information Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy