Alacrity Solutions Group, LLC faces a proposed class action lawsuit over a March 2021 data breach that allegedly went undisclosed for nearly a year.
The 51-page lawsuit alleges that Alacrity, who services and administers insurance claims for various companies across the U.S., failed to implement adequate cybersecurity practices and protocols to ensure that consumers’ personally identifiable information remained protected from unauthorized access.
“Had Defendant remedied the deficiencies in its security systems, followed industry guidelines, and adopted security measures recommended by experts in the field, Defendant would have prevented the ransomware attack into its systems and, ultimately, the theft of the Privtae [sic] Information of the individuals on its system,” the complaint alleges.
According to the case, the breach occurred from March 1 to March 3, 2021 and affected consumers in multiple states, including California, Montana, Massachusetts, and Vermont.
The plaintiff, an Allen, Texas resident, says she did not receive notice that her information had been compromised until April 2022, more than a year after the data was first accessed. The woman was told that her name and Social Security number were exposed during the incident, the suit relays.
Per the complaint, Alacrity’s failure to safeguard consumers’ personal information has exposed the individuals to “a slew of harms,” including fraudulent charges, services taken out in their names and targeted advertising without consent.
The lawsuit further alleges that although Alacrity discovered “suspicious activity” on its network on March 3, 2021, the company nevertheless waited a year before sending notice of the breach to victims. Per the suit, Alacrity offered no explanation for this delay, which allegedly caused data breach victims to experience harm “they otherwise could have avoided had a timely disclosure been made.”
Moreover, the case argues that the company’s offer of 12 months of credit monitoring through Equifax “was and continues to be ineffective” for those whose information was compromised given there may be a delay before their data is fraudulently used. Further, identity monitoring cannot prevent identity theft, but merely alerts a person that they have already become a victim of identity theft, the suit specifies.
The lawsuit also points out that in order to use the free credit monitoring services, consumers would need to share additional private information “with third parties connected to ASG.”
The case looks to represent anyone in the U.S. whose private information was compromised as a result of the Alacrity data breach discovered in March 2021 and was sent notice of the breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Camp Lejeune residents may soon have the opportunity to claim compensation for harm suffered from contaminated water.