fbpx

Waste Management Employee Information Data Breach Class Action

As a condition of employment, employees are required to give companies their personally identifiable information (PII). USA Waste-Management Resources, LLC (WMR) and its subsidiary Waste Management, Inc. (WMI) employ more than 48,000 people, operating landfills and transfer stations and using waste to create energy. Because of a data breach that occurred between January 21 and 23, 2021, the complaint alleges that the companies did not provide reasonable and adequate security to safeguard employee PII.

The Nationwide Class for this action is all persons living in the US who are current or former employees of USA Waste-Management Resources or Waste Management or any of their affiliates, and whose PII was compromised as a result of the data breach that took place between January 21 and 23, 2021. The complaint also proposes, in the alternative, a similar California Class.

WMR and WMI store the PII of current and former employees. The information accessed and stolen in the intrusion into their systems in January 2021 included names, Social Security and National ID numbers, dates of birth, and driver’s license numbers.

The victims of this data breach, including the two plaintiffs in this case, did not get notices telling them about the incident until almost four months after the data breach had occurred.

The notices were dated May 28, 2021 and said that, on January 21, the companies had “discovered suspicious activity in our network environment. We immediately launched an investigation, with the assistance of third-party forensic specialists, to determine the nature and scope of the activity and contacted the FBI.” They claimed that “an unauthorized actor entered our environment” and took “a limited number of files” including files that contained sensitive information about the recipients of the letters.

The notice said that “the investigation remains ongoing, [and] we are taking steps now to implement additional safeguards and review policies and procedures relating to data privacy and security.”

The complaint alleges that the information was taken because of the companies’ “inadequate data security.” It claims that the companies did not comply with Federal Trade Commission (FTC) requirements.

The FTC has issued guidelines for businesses for data security. The complaint points to its Protecting Personal Information: A Guide for Business, which was updated in 2016 and says, “Among other things, the guidelines note businesses should properly dispose of personal information that is no longer needed; encrypt information stored on computer networks; understand their network’s vulnerabilities; and implement policies to correct security problems.”

The complaint alleges that the companies were negligent in failing to secure the PII they kept on file. The counts include negligence, breach of implied contract, breach of confidence, and invasion of privacy, among other things.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Waste Management Employee Information Data Breach Complaint

June 21, 2021

As a condition of employment, employees are required to give companies their personally identifiable information (PII). USA Waste-Management Resources, LLC (WMR) and its subsidiary Waste Management, Inc. (WMI) employ more than 48,000 people, operating landfills and transfer stations and using waste to create energy. Because of a data breach that occurred between January 21 and 23, 2021, the complaint alleges that the companies did not provide reasonable and adequate security to safeguard employee PII.

Waste Management Employee Information Data Breach Complaint

Case Event History

Waste Management Employee Information Data Breach Complaint

June 21, 2021

As a condition of employment, employees are required to give companies their personally identifiable information (PII). USA Waste-Management Resources, LLC (WMR) and its subsidiary Waste Management, Inc. (WMI) employ more than 48,000 people, operating landfills and transfer stations and using waste to create energy. Because of a data breach that occurred between January 21 and 23, 2021, the complaint alleges that the companies did not provide reasonable and adequate security to safeguard employee PII.

Waste Management Employee Information Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Inadequate Cybersecurity, Your Privacy