Draeger Hit with Class Action After Disclosing Employee Information in 2016 Phishing Scam

New to ClassAction.org? Read our Newswire Disclaimer

Draeger, Inc.’s alleged failure to adequately protect employees’ personal information is the subject of a proposed class action filed in the wake of a data breach that stemmed from an apparent “phishing scam.”

According to the complaint, an unknown party pretending to be a Draeger executive called an employee of the German medical and IT safety technology company on January 19, 2016 and requested information about the company’s current U.S. employees. The following day, the suit says, the unknown and unauthorized party who placed the call was provided with a spreadsheet containing the names, addresses, Social Security numbers and pay details of the plaintiff and Draeger’s other U.S. workers.  

On January 29, 2016, the lawsuit continues, Draeger employees received an email notice stating the company had experienced a “security breach” and that workers’ personal information had been disclosed without authorization in response to a “phishing scam.” The case claims that because Draeger “unreasonably delayed” informing employees of the breach, workers were left exposed and unable to take the necessary steps to protect themselves from identity theft. From the suit:

“As a result of Defendant’s negligent and inadequate security practices and slow response to the breach, Draeger’s current and former employees and their family members are subject to a heightened and concrete risk of identity theft due to the exposure of their financial, tax and other personal identifying information.”

The case contends that Draeger “failed to implement and maintain reasonable and adequate security measures” to protect employee data given that the stolen information was neither encrypted nor protected by a password or access code. If these security measures had been in place, the lawsuit argues, the breach may have been prevented entirely as the stolen information may have been unreadable or at least harder to access.

Furthermore, the complaint charges that the defendant “focused on its own remediation efforts rather than protecting its employees’ sensitive personal information” following the breach.  

The lawsuit looks to represent all Draeger employees who have lived in California and whose information was transmitted by the defendant to an unauthorized party on or around January 20, 2016.