Parker-Hannifin Corporation, a Fortune 250 company, stores personal information on its many employees. But the complaint for this class action claims that the company maintains “unreasonable, unlawful, and unfair practices in regard to its collection and maintenance of the highly sensitive and confidential” information it stores about its current and former employees. According to the complaint, the company’s inadequate security practices led to a data breach that exposed employee information to cybercriminals.
The class for this action is all persons Parker-Hannifin identified as being among the individuals affected by the data breach, including all individuals who were sent a Notice of Data Breach whose (1) personally identifiable information was accessed or (2) personal healthcare information was accessed by unauthorized third parties.
The company describes itself on its website as “the global leader in motion and control technologies.”
During March 11-14, 2022, an unauthorized party got into Parker’s systems and took out 419 GB of private information on current and former employees. Conti, a ransomware group, took responsibility for the theft on April 1, and posted 3% of the stolen data. It published the full set of data online on April 20, 2022.
The complaint alleges, “Businesses that collect and store Private Information about their employees and employees’ families have statutory, regulatory, contractual, and common law duties to safeguard that information and ensure it remains private.”
One of the things the complaint faults Parker for is the continued retention of information that it could have deleted. The plaintiff in this case, Michelle Mulanax, stopped working for Parker ten years ago, the complaint alleges, but her information was still among that stolen by the cybercriminals. The complaint alleges, “There is no reasonable justification for [Parker] to retain … Private Information in unencrypted form for such long periods of time.”
Parker only began sending out notices of the data breach to victims on May 10, 2022. However, the complaint claims that the notice letter “failed to notify Plaintiff and Class members that Conti had published the Private Information on the internet.”
The information stolen, the complaint said, pertained to more than 119,000 individuals and included names, dates of birth, Social Security numbers, driver’s license and passport numbers, financial information, and health information.
The complaint alleges that Parker bears responsibility for the data breach because it failed to provide reasonable network safeguards, failed to have reasonable data retention policies, failed to properly train employees, and did not comply with industry standards for data security practices.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Parker-Hannifin Conti Data Breach Complaint
May 27, 2022
Parker-Hannifin Corporation, a Fortune 250 company, stores personal information on its many employees. But the complaint for this class action claims that the company maintains “unreasonable, unlawful, and unfair practices in regard to its collection and maintenance of the highly sensitive and confidential” information it stores about its current and former employees. According to the complaint, the company’s inadequate security practices led to a data breach that exposed employee information to cybercriminals.
Parker-Hannifin Conti Data Breach ComplaintCase Event History
Parker-Hannifin Conti Data Breach Complaint
May 27, 2022
Parker-Hannifin Corporation, a Fortune 250 company, stores personal information on its many employees. But the complaint for this class action claims that the company maintains “unreasonable, unlawful, and unfair practices in regard to its collection and maintenance of the highly sensitive and confidential” information it stores about its current and former employees. According to the complaint, the company’s inadequate security practices led to a data breach that exposed employee information to cybercriminals.
Parker-Hannifin Conti Data Breach Complaint