Accellion, Inc. faces a proposed class action over its alleged failure to properly safeguard large amounts of sensitive client information stored on and/or shared with its Accellion FTA file transfer service.
The 31-page lawsuit says Accellion, whose clients include law firms, government agencies and universities, “knew or should have known” the importance and necessity of protecting the large and sensitive files shared through its Accellion FTA service yet negligently allowed an “unauthorized person” to access the information in a December 20, 2020 data breach.
According to the complaint, the information compromised in the breach included proposed class members’ names, social security and/or driver’s license or state identification numbers, dates of birth, bank account and routing numbers and/or places of employment. The suit, filed in California federal court, charges Accellion clients’ information was compromised due to the company’s “negligent or careless acts and omissions.”
“By obtaining, collecting, using, and deriving a benefit from Plaintiff’s and Class Members’ [personally identifiable information], Defendant assumed legal and equitable duties to those individuals,” the lawsuit says of Accellion’s responsibility to safeguard the data in its care.
As the lawsuit tells it, the harm sustained by Accellion’s clients includes lost or diminished value of the compromised information; out-of-pocket expenses associated with preventing, detecting and recovering from identity theft, tax fraud or unauthorized use of the data; lost opportunity costs linked to attempting to mitigate the actual consequences of the data breach; and the continued risk to the information involved in the incident.
Accellion “disregarded the rights of Plaintiff and Class Members” by failing to ensure their sensitive information was properly safeguarded, the complaint charges.
According to the complaint, Accellion claims to have notified its customers of the data breach on December 23, three days after it reportedly took place. On January 12, 2021, the company issued a press release in which it stated it had resolved the vulnerability linked to the incident and “released a patch within 72 hours to the less than 50 customers affected,” the suit says.
Over the following days, Accellion customers, such as the Reserve Bank of New Zealand and the Australian Securities and Investments Commission (ASIC), announced they had been affected by the data breach, the case relays. In its announcement, however, ASIC “rais[ed] doubt” as to Accellion’s claim that it had notified all Accellion FTA customers of the data breach incident, the lawsuit says.
On February 1, the Office of the Washington State Auditor (SAO) added its name to the list of entities affected by the breach, the case continues. According to the lawsuit, the Washington SAO, in its announcement of the incident, said it had used the Accellion FTA service prior to the data breach to transfer the personal information of roughly 1.6 million Washington residents contained in the state’s Employment Security Department files, specifically those who filed unemployment insurance claims in 2020.
Like ASIC, the Washington SAO raised doubt as to whether Accellion actually notified all affected customers, the suit says, noting the University of Colorado, the plaintiff’s alma mater, took a similar tack in notifying the world that it was “one of some 300 Accellion customers” hit in the attack.
According to the complaint, Singtel, a Singapore telephone company; QIMR Berghofer, an Australian medical research institute; and the Jones Day law firm all subsequently announced they were among those affected by the Accellion data breach.
As a result of the incident, the plaintiff and proposed class members now face “years of constant surveillance of their financial and personal records, monitoring, and loss of rights,” and will continue to incur damages in addition to any fraudulent use of the personal information that may arise.