This privacy class action sues Steel River Systems, LLC, alleging it failed to take adequate measures to protect the personally identifiable information (PII) it held in its systems. The complaint alleges this permitted a 2022 data breach that exposed Social Security numbers and financial account information to cybercriminals.
The Nationwide Class for this action is all individuals in the US whose PII or financial information was exposed to unauthorized third parties as a result of the data breach discovered by Steel River Systems on July 16, 2022. A Virginia Subclass has also been defined for all those in the above class in Virginia.
The complaint alleges that Steel River is a debt collection company that stored PII as a normal part of its business. Because of this, the complaint alleges, Steel River “assumed legal and equitable duties and knew or should have known that they were thereafter responsible for protecting” the PII and financial information in Steel River’s systems.
The data breach may have begun on or around May 25, 2022, the complaint says, but the company did not discover it until July 16, 2022, and did not send out official notices to the individual victims until December of that year.
The complaint faults Steel River on a number of counts, including “intentionally, willfully, recklessly, or negligently failing to take and implement adequate and reasonable measures to ensure that [the] PII was safeguarded, failing to take available steps to prevent an unauthorized disclosure of data, and failing to follow applicable, required and appropriate protocols, policies and procedures regarding the encryption of data, even for internal use.”
The complaint also claims that the victims have been given insufficient information about the data breach, including the specific kind of data that was stolen, what kind of malware was used in the data breach, and what Steel River is doing to protect the PII and financial information from here on in.
According to the complaint, the company should have been on notice from the recent occurrence of so many other data breaches that a cyberattack was a risk, and it therefore should have been careful to protect its systems from that eventuality.
The company alleges, “The Federal Trade Commission (the ‘FTC’) has concluded that a company’s failure to maintain reasonable and appropriate data security for consumers’ sensitive personal information is an ‘unfair practice’ in violation of the FTC Act.”
The company should therefore have developed and implemented better security practices, the complaint alleges, and also to have processes to immediately detect when a data breach has occurred.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Steel River Systems Data Breach Complaint
January 10, 2023
This privacy class action sues Steel River Systems, LLC, alleging it failed to take adequate measures to protect the personally identifiable information (PII) it held in its systems. The complaint alleges this permitted a 2022 data breach that exposed Social Security numbers and financial account information to cybercriminals.
Steel River Systems Data Breach ComplaintCase Event History
Steel River Systems Data Breach Complaint
January 10, 2023
This privacy class action sues Steel River Systems, LLC, alleging it failed to take adequate measures to protect the personally identifiable information (PII) it held in its systems. The complaint alleges this permitted a 2022 data breach that exposed Social Security numbers and financial account information to cybercriminals.
Steel River Systems Data Breach Complaint