Terminix Global Phishing Attack Data Breach Class Action

This complaint brings suit against Terminix Global Holdings, Inc. for a data breach it recently experienced, exposing the personally identifiable information (PII) of its current and former employees and of the current and former employees of its former affiliate, ServiceMaster. The complaint alleges that the data breach “was the direct result of [Terminix’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect the PII” of personnel.

The class for this action is all persons whose PII was exposed in the Terminix data breach announced on October 20, 2020.

The data breach, in this case, occurred through a phishing scam. The complaint says that phishing “occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.”

Apparently, in September 2020, a Terminix employee responded to a phishing scam. The response allowed hackers access to the person’s Microsoft Office 365 account. The hackers then caused e-mails to be forwarded from that person’s in-box to an in-box of their own. The e-mails were forwarded from around September 10, for around two weeks, until September 22.

The complaint claims, “Terminix learned that the emails forwarded from the compromised email account contained highly sensitive financial documents of certain employees, former employees and other personnel.” They contained Social Security numbers, dates of birth, employment dates, amounts in 401(k) accounts, and the name of the 401(k) provider.

Around October 9, 2020, Terminix announced the data breach, informing the persons affected. The announcement included this: “Our review of compromised emails revealed that one email included a file which contained the name, social security number, date of birth, employment dates, 401K balance and the name of our 401K provided for 14,708 current and former teammates.” It noted that “thieves can use [this information] for identity theft.”

The complaint blames the company for the successful phishing attack: “Phishing attacks are generally preventable with the implementation of a variety of proactive measures” including anti-malware security software. “Other proactive measures including sandboxing inbound e-mail…, inspecting and analyzing web traffic, penetration testing…, and employee education, just to name some of the well-known tools and techniques…”

It claims that Terminix did not maintain adequate data security and did not properly monitor its systems for intrusions. In addition, it claims that the company did not follow industry standards or Federal Trade Commission guidelines for data security.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Terminix Global Phishing Attack Data Breach Complaint

November 6, 2020

This complaint brings suit against Terminix Global Holdings, Inc. for a data breach it recently experienced, exposing the personally identifiable information (PII) of its current and former employees and of the current and former employees of its former affiliate, ServiceMaster. The complaint alleges that the data breach “was the direct result of [Terminix’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect the PII” of personnel.

Terminix Global Phishing Attack Data Breach Complaint

Case Event History

Terminix Global Phishing Attack Data Breach Complaint

November 6, 2020

This complaint brings suit against Terminix Global Holdings, Inc. for a data breach it recently experienced, exposing the personally identifiable information (PII) of its current and former employees and of the current and former employees of its former affiliate, ServiceMaster. The complaint alleges that the data breach “was the direct result of [Terminix’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect the PII” of personnel.

Terminix Global Phishing Attack Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy