Carvin Wilson Software Failed to Prevent 2023 Data Breach Affecting 187K People, Class Action Alleges

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit claims inadequate cybersecurity on the part of Carvin Wilson Software is to blame for a 2023 data breach that compromised the personal information of over 187,000 people.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 34-page lawsuit says that although the Arizona-based staffing software and consulting services company claims to have first detected unauthorized activity on its computer systems on March 29, a subsequent investigation revealed that cybercriminals had in fact accessed the network between February 22 and March 9.

The suit shares that the data compromised in the breach included, without limitation, the names, Social Security numbers and financial account information of thousands of employees of Carvin Software clients.

Per the case, the cyberattack was a direct result of the company’s insufficient data security practices. The complaint argues that had Carvin Software adequately monitored the computer systems which housed consumers’ private information, it could have detected the cyberattack sooner or prevented it entirely.

Additionally, the filing claims that the defendant failed to promptly and adequately notify victims of the breach. Though Carvin Software purportedly discovered the ransomware attack in late March, notices were not sent to impacted individuals until early May, the lawsuit relays.

Although the company has offered those affected by the incident one year of credit monitoring services, and attached to its data breach notice a list of “time-consuming steps” to limit the “inevitable” harm from the incident, Carvin Software has apparently offered “no other substantive steps to help victims … protect themselves,” the suit contends.

By collecting and storing the sensitive information of its clients’ employees, Carvin Software had a legal obligation to implement proper safeguards to protect this valuable data from unauthorized disclosure, the lawsuit stresses.

The plaintiffs, residents of Missouri and Tennessee whose employers were customers of Carvin Software, received notice that their private data had been compromised in the breach, the complaint says. Like other victims, these individuals now face a significant risk of identity theft, fraud, phishing schemes and other illegal activity as a result of the defendant’s negligence, the filing charges.

The lawsuit looks to represent anyone in the United States whose personal information was stolen as a result of the data breach, including those who were sent a notice by Carvin Software.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.