fbpx

Paradies Shops Ransomware Employee Data Exposure Class Action

Data breaches are getting far too common. This time, the incident involves a ransomware attack on the Paradies Shops, LLC, which has stores, restaurants, and bars in over a hundred airports, with about 10,000 employees. The Paradies systems were accessed between October 8 and 13, 2020.

The class for this action is all US residents whose PII was contained in records exfiltrated during the ransomware attack announced in the Notice of Data Incident that Paradies sent out around June 30, 2021.

The cybercriminal who attacked the systems took records that contained the information of more than 76,000 current or former employees. Around October 14, reports on the Internet indicated that the attack had been performed by a ransomware group called REvil.

The complaint says that Paradies “has not publicly reported when it first learned of the Data Breach, but it presumably knew or should have known of the Data Breach (i) once public reports began surfacing on the Internet or (ii) once a ransom was demanded, if any.”

Paradies did not begin notifying the persons whose information had been stolen until around June 30, 2021, over eight months after the data breach occurred. It began notifying attorneys general even later than that, around July 2.

The complaint alleges that when Paradies collected personally identifiable information (PII) from people, it “assumed legal and equitable duties” to safeguard the information. According to the complaint, Paradies “admits that the unencrypted PII exposed to ‘unauthorized activity’ included names and Social Security numbers.”

The complaint claims that the PII was exposed because of Paradies’s “negligent and/or careless acts or omissions” and its failure to adequately protect the information. It also took months to report the data breach to people who needed to know about it. The complaint says that Paradies “has also purposefully maintained secret the specific vulnerabilities and root causes of the breach and has not informed” those whose information was exposed.

The complaint alleges that Paradies “could have prevented this Data Breach by properly securing and encrypting the files and file servers containing the PII… Alternatively, [Paradies] could have destroyed the data, especially decade-old data from former employees.”

The complaint refers to the Federal Trade Commission (FTC) Act: Paradies “violated Section 5 of the FTC Act by failing to use reasonable measures to protect PII and not complying with applicable industry standards, as described in detail herein. [Paradies’s] conduct was particularly unreasonable given the nature and amount of PII it obtained and stored and the foreseeable consequences of the immense damages that would result” to the people whose data was stolen.

The other counts include negligence, breach of implied contract, invasion of privacy, and breach of confidence.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Paradies Shops Ransomware Data Breach Class Action

September 10, 2021

Data breaches are getting far too common. This time, the incident involves a ransomware attack on the Paradies Shops, LLC, which has stores, restaurants, and bars in over a hundred airports, with about 10,000 employees. The Paradies systems were accessed between October 8 and 13, 2020.

Paradies Shops Ransomware Data Breach Class Action

Case Event History

Paradies Shops Ransomware Data Breach Class Action

September 10, 2021

Data breaches are getting far too common. This time, the incident involves a ransomware attack on the Paradies Shops, LLC, which has stores, restaurants, and bars in over a hundred airports, with about 10,000 employees. The Paradies systems were accessed between October 8 and 13, 2020.

Paradies Shops Ransomware Data Breach Class Action
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy