in Newswire January 24, 2020

Draeger Hit with Class Action After Disclosing Employee Information in 2016 Phishing Scam

by Seth Humeniuk

Last Updated on January 24, 2020

View Comments

Soraghan v. Draeger, Inc.

Filed: January 17, 2020 § 3:20-cv-00130-WQH-AHG

Read Complaint

A class action alleges Draeger’s “inadequate” data security is to blame for a phishing incident that exposed sensitive employee information in 2016.

Defendant(s)

Draeger, Inc.

Law(s)

California Unfair Competition Law

State(s)

California

Draeger, Inc.’s alleged failure to adequately protect employees’ personal information is the subject of a proposed class action filed in the wake of a data breach that stemmed from an apparent “phishing scam.”

According to the complaint, an unknown party pretending to be a Draeger executive called an employee of the German medical and IT safety technology company on January 19, 2016 and requested information about the company’s current U.S. employees. The following day, the suit says, the unknown and unauthorized party who placed the call was provided with a spreadsheet containing the names, addresses, Social Security numbers and pay details of the plaintiff and Draeger’s other U.S. workers.  

On January 29, 2016, the lawsuit continues, Draeger employees received an email notice stating the company had experienced a “security breach” and that workers’ personal information had been disclosed without authorization in response to a “phishing scam.” The case claims that because Draeger “unreasonably delayed” informing employees of the breach, workers were left exposed and unable to take the necessary steps to protect themselves from identity theft. From the suit:

“As a result of Defendant’s negligent and inadequate security practices and slow response to the breach, Draeger’s current and former employees and their family members are subject to a heightened and concrete risk of identity theft due to the exposure of their financial, tax and other personal identifying information.”

The case contends that Draeger “failed to implement and maintain reasonable and adequate security measures” to protect employee data given that the stolen information was neither encrypted nor protected by a password or access code. If these security measures had been in place, the lawsuit argues, the breach may have been prevented entirely as the stolen information may have been unreadable or at least harder to access.

Furthermore, the complaint charges that the defendant “focused on its own remediation efforts rather than protecting its employees’ sensitive personal information” following the breach.  

The lawsuit looks to represent all Draeger employees who have lived in California and whose information was transmitted by the defendant to an unauthorized party on or around January 20, 2016.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on January 24, 2020 — 10:01 AM

Seth Humeniuk

seth@season4.io

Seth Humeniuk is the Junior Content Writer for ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.