Morley Companies, Inc. keeps the files of half a million employees, former employees, and clients on its systems. This information may include personally identifiable information (PII) as well as protected health information (PHI). The complaint for this class action alleges that the company did not take adequate steps to safeguard the information entrusted to it, resulting in a data breach beginning on August 1, 2021.
The class for this action is all individuals whose PHI or PII was accessed by and disclosed to unauthorized persons in the data breach, including all individuals who were sent a notice of the data breach.
Morley provides business services to clients in three areas, the complaint alleges: “business process outsourcing, meetings and incentives, and exhibits and displays.” It claims to work with many Fortune 500 businesses.
According to the complaint, Morley maintains on file the PII of employees, former employees, and clients. It also has the PHI of those who participate, or have participated, in its health plan. Beginning on August 1, 2021, an unauthorized party accessed Morley’s systems, exposing the information of more than 541,000 people. The complaint claims Morley did not provide an ending date for the unauthorized access.
Morley did not notify the individual victims immediately. The plaintiff for this action, Kenneth Ratcliff, says he received a notice letter only dated January 26, 2022. A notice posted on Morley’s website, the complaint alleges, says that the information accessed by the hackers included names, addresses, Social Security numbers, dates of birth, medical diagnostic and treatment information, and health insurance information.
The complaint alleges, “Cyber criminals seek out PHHI at a greater rate than other sources of personal information. In a 2021 report, the healthcare compliance company Protenus found that there were 758 medical data breaches in 2020 with over 40 million patient records exposed. This is an increase from the 572 medical data breaches that Protenus compiled in 2019.”
PHI is valuable. The complaint says, “According to a report released by the Federal Bureau of Investigation’s (‘FBI’) Cyber Division, criminals can sell healthcare records for 50 times the price of a stolen Social Security or credit card number.” The complaint also alleges that criminals can use information about a sexually transmitted disease or terminal illness to coerce or extort an individual.
Furthermore, the complaint claims that stealing a Social Security number “in combination with other PII (e.g., name address, date of birth) is akin to having a master key to the gates of fraudulent activity.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Morley Companies PII and PHI Exposed in Data Breach Complaint
February 18, 2022
Morley Companies, Inc. keeps the files of half a million employees, former employees, and clients on its systems. This information may include personally identifiable information (PII) as well as protected health information (PHI). The complaint for this class action alleges that the company did not take adequate steps to safeguard the information entrusted to it, resulting in a data breach beginning on August 1, 2021.
Morley Companies PII and PHI Exposed in Data Breach ComplaintCase Event History
Morley Companies PII and PHI Exposed in Data Breach Complaint
February 18, 2022
Morley Companies, Inc. keeps the files of half a million employees, former employees, and clients on its systems. This information may include personally identifiable information (PII) as well as protected health information (PHI). The complaint for this class action alleges that the company did not take adequate steps to safeguard the information entrusted to it, resulting in a data breach beginning on August 1, 2021.
Morley Companies PII and PHI Exposed in Data Breach Complaint