NorthStar Data Breach Exposed Personal Info of 82K People, Class Action Says

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit claims negligence on the part of NorthStar EMS, Inc. caused a September 2022 cyberattack that compromised the personal information of around 82,000 people.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 56-page lawsuit says that the Alabama-based emergency medical transport and paramedic service discovered around September 16 last year that its computer systems had been accessed by an unauthorized third party. The suit relays that the data breach compromised highly sensitive consumer information, including, but not limited to, patients’ names, dates of birth, Social Security numbers, patient ID numbers, treatment information, Medicare or Medicaid details and health insurance data.

The case alleges that NorthStar housed the private data in its network “unencrypted, unprotected, and vulnerable” to cybercriminals. Not only was the information inadequately safeguarded, but the company also failed to properly monitor its IT systems, the complaint contends.

Although NorthStar claims to have discovered the unauthorized activity in September, it did not begin notifying victims of the breach until mid-March of this year, almost six months later, the filing states. Further, per the lawsuit, the notices themselves provided “only vague information” about what precise data was compromised and how long the hackers had access to NorthStar’s network.

Given the significant amount of sensitive information that NorthStar collected and stored in its systems, the suit argues that the defendant should have understood that it was a “particularly lucrative target for data thieves” and taken appropriate action to secure its network against cyberattacks.

As the case tells it, NorthStar has effectively admitted that “additional security was required,” and even though the company claims to be implementing more security protocols, “there is no indication whether these steps are adequate to protect [victims’] Private Information going forward.”

The plaintiff, an Alabama resident, received notice on March 14 of this year informing him that his personal data had been compromised in the breach, the complaint shares. Like other victims, the man now faces a lifelong risk of identity theft, fraud and other criminal activity as a result of NorthStar’s negligence, the filing charges.

The lawsuit looks to represent anyone identified by NorthStar EMS, Inc. as among those impacted by the data breach, including anyone who was sent a notice.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.