Insurance Company Hilb Failed to Protect Private Data from Cyberattack, Class Action Claims [UPDATE]

New to ClassAction.org? Read our Newswire Disclaimer

The Hilb Group Operating Company faces a proposed class action over a cyberattack announced in November 2023 that compromised tens of thousands of individuals’ personal data.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

According to a November 2 notice letter, the Virginia-based insurance agency detected unusual activity related to certain employee email accounts on January 10 of this year. A subsequent investigation revealed that an unauthorized third party gained access to the email accounts for a limited period between December 1, 2022 and January 12, 2023, the notice relays.

The 28-page lawsuit says the cyberattack exposed at least the full names and Social Security numbers of “tens if not hundreds of thousands” of individuals.

The suit argues that the data breach was a result of Hilb’s negligent failure to implement adequate cybersecurity protocols to protect the highly confidential information in its care. The company could have prevented the incident entirely by securing its servers and encrypting the data stored therein, the case claims.

What’s more, the defendant “conceal[ed] the existence and extent of the Data Breach for an unreasonable duration of time,” the complaint alleges, adding that the company began notifying victims months after it purports to have learned of the incident.

However, the notice letter, which shared only “basic details” about the cyberattack, failed to explain what particular information was stolen, how cybercriminals gained access to the network and what steps are being taken to safeguard stored data in the future, the filing contends.

As the lawsuit tells it, impacted individuals are, therefore, “left to speculate as to where their [personally identifiable information] ended up, who has used it, and for what potentially nefarious purposes, and are left to further speculate as to the full impact of the Data Breach and how exactly [Hilb] intends to enhance its information security systems and monitoring capabilities to prevent further breaches.”

The plaintiff, a former Hilb client residing in West Virginia, received notice from the company informing them that their private data had been compromised in the breach, the case says. Like other victims, the plaintiff now faces a greater risk of identity theft or fraud as a result of Hilb’s alleged negligence, the complaint stresses.

The lawsuit looks to represent anyone in the United States whose personal information was exposed to unauthorized third parties as a result of the data breach experienced by the Hilb Group Operating Company between December 1, 2022 and January 12, 2023.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.