in Newswire Published on May 12, 2023

Carvin Wilson Software Failed to Prevent 2023 Data Breach Affecting 187K People, Class Action Alleges [UPDATE]

by Kelsey McCroskey

Last Updated on July 29, 2024

View Comments

Locke et al. v. Carvin Wilson Software, LLC

Filed: May 10, 2023 § 2:23-cv-00808-SRB

Read Complaint

A class action lawsuit claims inadequate cybersecurity on the part of Carvin Wilson Software is to blame for a 2023 data breach that compromised the personal information of over 187,000 people.

Defendant(s)

Carvin Wilson Software, LLC

Law(s)

State(s)

Arizona

Categories

Technology Privacy Data Breach

July 15, 2024 – $825K Carvin Wilson Class Action Settlement Over Data Breach Preliminarily Approved

The Carvin Wilson data breach lawsuit detailed on this page and several related cases have been settled for $825,000, with United States District Judge Stephen M. McNamee granting preliminary approval to the deal on May 30, 2024.

Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.

The Carvin class action settlement covers all individuals in the United States and its territories whose personal information was identified by Carvin Wilson Software as having been potentially exposed in the data breach that occurred between February 22 and March 9, 2023. Court documents state that more than 189,000 people are class members for the Carvin Wilson data breach settlement.

The official Carvin Wilson settlement website can be found at CarvinClassActionSettlement.com.

To submit a claim for settlement money, head to this page and enter the login ID and login PIN found on your class action settlement notice. If you did not receive or cannot locate your claim login ID and claim login PIN, contact the settlement administrator at info@CarvinClassActionSettlement.com.

Carvin Wilson data breach settlement claims must be submitted online or by mail by August 30, 2024.

According to the Carvin settlement website, all class members are eligible to receive two years of identity theft and credit monitoring services. All class members are also eligible for reimbursement of $20 per hour, for up to four hours, for lost time spent remedying issues related to the data breach.

Consumers who incurred “actual, documented out-of-pocket expenses” from the data breach are eligible for an additional cash payment of up to $8,500, depending on the kinds of expenses incurred and provided that the expenses have not already been reimbursed or resolved without payment, the website states.

A Carvin Wilson class member may file a claim to receive some or all of the foregoing benefits, and if there is any money left over in the general settlement fund after paying out court-approved fees, expenses and claims, class members who filed claims will receive an additional pro-rata payment.

A final approval hearing is scheduled for September 25, 2024. It is typical for benefits to be paid out to eligible consumers after a class action settlement is ultimately approved by the court, and any appeals or objections are resolved.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.

A proposed class action lawsuit claims inadequate cybersecurity on the part of Carvin Wilson Software is to blame for a 2023 data breach that compromised the personal information of over 187,000 people.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 34-page lawsuit says that although the Arizona-based staffing software and consulting services company claims to have first detected unauthorized activity on its computer systems on March 29, a subsequent investigation revealed that cybercriminals had in fact accessed the network between February 22 and March 9.

The suit shares that the data compromised in the breach included, without limitation, the names, Social Security numbers and financial account information of thousands of employees of Carvin Software clients.

Per the case, the cyberattack was a direct result of the company’s insufficient data security practices. The complaint argues that had Carvin Software adequately monitored the computer systems which housed consumers’ private information, it could have detected the cyberattack sooner or prevented it entirely.

Additionally, the filing claims that the defendant failed to promptly and adequately notify victims of the breach. Though Carvin Software purportedly discovered the ransomware attack in late March, notices were not sent to impacted individuals until early May, the lawsuit relays.

Although the company has offered those affected by the incident one year of credit monitoring services, and attached to its data breach notice a list of “time-consuming steps” to limit the “inevitable” harm from the incident, Carvin Software has apparently offered “no other substantive steps to help victims … protect themselves,” the suit contends.

By collecting and storing the sensitive information of its clients’ employees, Carvin Software had a legal obligation to implement proper safeguards to protect this valuable data from unauthorized disclosure, the lawsuit stresses.

The plaintiffs, residents of Missouri and Tennessee whose employers were customers of Carvin Software, received notice that their private data had been compromised in the breach, the complaint says. Like other victims, these individuals now face a significant risk of identity theft, fraud, phishing schemes and other illegal activity as a result of the defendant’s negligence, the filing charges.

The lawsuit looks to represent anyone in the United States whose personal information was stolen as a result of the data breach, including those who were sent a notice by Carvin Software.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Open Document
Last Updated on July 29, 2024 — 3:11 PM

Kelsey McCroskey

kelsey@classaction.org

Kelsey works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.