Parker Hannifin Hit with Class Action Over March 2022 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Parker Hannifin Corporation failed to exercise “reasonable care” in safeguarding the sensitive information of current and former employees and their dependents from unauthorized access, a proposed class action alleges. 

The 54-page lawsuit was filed in Ohio on May 20 by an East Rockaway, New York resident whose husband worked for the national engineering and manufacturing firm in the mid-1980s. According to the suit, the March 2022 Parker Hannifin data breach exposed current and former employees’ names; dates of birth; Social Security, driver’s license and U.S. passport numbers; addresses; bank account and routing numbers; online usernames and passwords; and health insurance enrollment details. 

According to the case, Parker Hannifin has offered no assurance to victims that all personal data or copies of data exposed in the purportedly foreseeable incident, which the suit blames on “a lapse in network security,” have been recovered or destroyed. 

“The Breach occurred because Defendant failed to take reasonable measures to protect the Private Information it collected and stored,” the suit alleges. “Among other things, Defendant failed to implement data security measures designed to prevent this release of information, despite repeated warnings to large companies about the risk of cyberattacks and the highly publicized occurrence of many similar attacks in the recent past.” 

The lawsuit states that the company learned of a “security incident” that supposedly occurred between March 11 and March 14. The breach involved an “unauthorized actor” who accessed the current and former employee information stored on Parker Hannifin’s computer network, the suit says. 

The notice letter sent to data breach victims in May stated that the company, upon learning of the incident, immediately shut down certain systems before launching an investigation and notifying law enforcement. The case points out, however, that Parker Hannifin’s “woefully deficient” notice offered no explanation for the delay between the company’s initial discovery of the breach and notification to affected individuals, which the suit argues caused harm that “could have [been] avoided had a timely disclosure been made.” From the complaint:

“Parker’s notice of Data Breach was not just untimely but woefully deficient, failing to provide basic details of the Data Breach, including but not limited to, how unauthorized parties accessed Parker’s networks, whether the impacted information was encrypted or otherwise protected, how Parker learned of the Data Breach, whether the Data Breach occurred system-wide, whether servers storing information were accessed, and how many people were affected by the Data Breach.” 

The lawsuit went on to criticize Parker’s offer of two years of credit monitoring, noting that the use of such a service would require the disclosure of additional information “with which Parker had just demonstrated it could not be trusted.” 

Per the complaint, victims will experience “a slew of harms” as a result of Parker Hannifin’s “ineffective data security measures” in the months and years to come, including fraudulent charges, identity theft and unconsented targeted advertising. 

The case looks to cover all persons nationwide whose private information was compromised as a result of the Parker Hannifin data breach discovered on or about March 2022 and were sent notice of the incident. 

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.