2022 Data Breach Ignites Class Action Lawsuit Against Bay Bridge Administrators

New to ClassAction.org? Read our Newswire Disclaimer

Bay Bridge Administrators, LLC (BBA) faces a proposed class action lawsuit that claims a data breach reportedly discovered in September 2022 was a direct result of the company’s allegedly deficient cybersecurity system.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 42-page lawsuit says that although the third-party employment insurance company claims to have first learned of the cyberattack on September 5 of last year, a subsequent investigation revealed that hackers gained access to the defendant’s computer network sometime before August 25 and were able to obtain certain data around September 3. The suit relays that some of the personal information compromised in the breach included consumers’ names; addresses; contact information; Social Security; financial account and driver’s license numbers; medical details; and health insurance information.

The “foreseeable” cyberattack was a result of BBA’s failure to take basic cybersecurity precautions to protect consumers’ personal data, which it stored unencrypted and in a “dangerous condition” on its computer systems, the case contends.

Per the complaint, the company also purportedly failed to provide prompt notice of the breach to victims. Though the defendant says it discovered the ransomware attack in early September 2022, BBA only began notifying those impacted by the breach almost four months later, in late December of that year, the filing says.

In its notice, BBA gave few specifics as to the precise data that was compromised and extracted during what it merely refers to as a “network disruption consistent with a ransomware attack,” the lawsuit relays.

The suit argues that the company should have been “well aware of the risk of being targeted by cybercriminals” in light of the vast database of personal information stored in its network. By collecting and using this sensitive data for its own commercial profit, BBA had a legal duty to secure it against unauthorized disclosure, the case charges.

The defendant has offered victims a two-year subscription to identity theft protection services—a “wholly inadequate” gesture considering the heightened risk of fraud and illegal activity that victims likely face for the rest of their lives, the complaint emphasizes.

The plaintiff, a Texas resident affiliated with the defendant, received notice on December 29, 2022, that his personal information had been compromised in the data breach, the filing says. As the case tells it, the man has received since the cyberattack numerous spam calls, texts, and emails each day and has also been informed that his email address was spotted on the dark web—likely sold by cybercriminals.

The lawsuit looks to represent anyone whose personal information was stored on the computer systems of Bay Bridge Administrators, LLC and who received notice of the data breach discovered in September 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.