OneTouchPoint, Inc. offers printing and mailing services to companies that wish to make mailings to their customers. The complaint alleges that the company did not adequately protect the personally identifiable information (PII) of more than 2,600,000 individuals that was exposed in a data breach of its networks in early 2022.
The Nationwide Class for this action is all persons whose private information was compromised as a result of the data breach. A Washington Subclass has also been defined for those in the above class who live in Washington.
OneTouchPoint discovered the data breach on April 28, 2022 when it found that it had been the target of a cyberattack. The company engaged specialists and launched an investigation, the complaint says, and began providing a summary of its findings on June 3, 2022.
However, the complaint alleges that the plaintiff in this case, Richard Krefting, did not receive notice of the data breach until July 25, 2022, when he received a notification letter from Boeing Employees’ Credit Union, for whom OneTouchPoint was presumably a printing vendor.
The complaint alleges that the information exposed in the data breach included names, addresses, Social Security numbers, account numbers, credit scores, and medical information (or protected health information or PHI).
The complaint quotes the Government Accountability Office as saying, about data breaches, “[I]n some cases, stolen data may be held for up to a year or more before being used to commit identity theft. Further, once stolen data have been sold or posted on the Web, fraudulent use of that information may continue for years. As a result, studies that attempt to measure the harm resulting from data breaches cannot necessarily rule out all future harm.”
The complaint expands on this: “For instance, with a stolen [S]ocial [S]ecurity number, which is part of the PII compromised in the Data Breach, someone can open financial accounts, get medical care, file fraudulent tax returns, commit crimes, and steal benefits.”
The complaint alleges that Krefting has already experienced identity theft from this cyberattack. It says that Krefting “has discovered a credit account fraudulently opened using his personal information. Additionally, since the Data Breach, [Krefting] has received notification from Credit Karma that someone has attempted to change the location of his home address.”
According to the complaint, OneTouchPoint has offered the individual victims of the data breach only twenty-four months of identity theft repair and monitoring services, which the complaint claims is “inadequate to protect Plaintiff and Class Members from a lifetime of identity theft risk.”
The complaint alleges that OneTouchPoint, as a company which provides services for healthcare entities, was aware that it was at risk of a cyberattack, and that it should have been more prepared to resist it.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
OneTouchPoint Data Breach Complaint
September 12, 2022
OneTouchPoint, Inc. offers printing and mailing services to companies that wish to make mailings to their customers. The complaint alleges that the company did not adequately protect the personally identifiable information (PII) of more than 2,600,000 individuals that was exposed in a data breach of its networks in early 2022.
OneTouchPoint Data Breach ComplaintCase Event History
OneTouchPoint Data Breach Complaint
September 12, 2022
OneTouchPoint, Inc. offers printing and mailing services to companies that wish to make mailings to their customers. The complaint alleges that the company did not adequately protect the personally identifiable information (PII) of more than 2,600,000 individuals that was exposed in a data breach of its networks in early 2022.
OneTouchPoint Data Breach Complaint