Aon Corporation faces a proposed class action that alleges the global insurance provider failed to protect consumers’ data from unauthorized access.
The 25-page lawsuit comes after Aon revealed that it had been hit by a data breach that went undetected for over a year, from late December 2020 to February 2022. Per the complaint, cybercriminals breached the company’s systems to access insurance files containing consumers’ names, addresses, dates of birth, Social Security and driver’s license numbers and, in some cases, benefit enrollment information.
The lawsuit claims that Aon “lacked the security necessary to prevent such a hack” or stop unauthorized parties from stealing consumers’ personally identifiable information. Per the suit, Aon has disregarded consumers’ privacy rights and exposed their information to a heightened risk of misuse.
“Aon’s use of outdated and insecure computer systems and software that are easy to hack, and its failure to maintain adequate security measures and an up-to-date technology security strategy, demonstrates a willful and conscious disregard for privacy, and has exposed the [personally identifiable information] of Plaintiff and members of the proposed Class to unscrupulous operators, con artists, and criminals.”
The suit goes on to chastise Aon for allegedly failing to timely detect the incident and notify victims. Per the case, although Aon’s internal investigation had by February 25, 2022 confirmed that consumers’ data had been subject to unauthorized access, the company waited until May to begin sending notice to those whose information was compromised.
According to the complaint, Aon’s data breach notice “deliberately underplayed” the severity of the breach and misrepresented that the insurer had “no evidence cybercriminals had copied, retained, or shared the data, even though Aon knew cybercriminals had accessed its files for an extended period.”
Moreover, Aon reportedly announced that the data breach did not have “a significant impact” on its operations, the case relays.
“However, the same cannot be said for victims, whose [personally identifiable information] was exposed to cybercriminals,” the complaint argues, claiming that data breach victims now face a heightened risk of identity theft.
The suit says Aon has offered data breach victims only 24 months of free credit monitoring services “despite the significant [personally identifiable information] that was compromised over a two-year period.”
The plaintiff, whose employer used Aon to administer employee benefits for roughly six years, says she did not receive a notice of the data breach until June 2022. Per the case, the woman has spent and will spend “considerable time and effort” monitoring her accounts for identity theft and is experiencing “feelings of anxiety, sleep disruption, stress, fear, and frustration” as a result of the data breach.
The plaintiff looks to represent all Illinois residents whose personally identifiable information was compromised in the Aon data breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Camp Lejeune residents may soon have the opportunity to claim compensation for harm suffered from contaminated water.