in Newswire Published on December 6, 2022

Receivables Performance Management Hit with Class Action Over 2021 Data Breach Affecting 3.7 Million People [UPDATE]

by Kelly Mehorter

Last Updated on September 23, 2024

View Comments

Tristan v. Receivables Performance Management, LLC

Filed: December 1, 2022 § 2:22-cv-01719

Read Complaint

A class action claims the failure of Receivables Performance Management to properly secure the private information of 3.7 million customers is to blame for a 2021 data breach.

Defendant(s)

Receivables Performance Management LLC

Law(s)

State(s)

Washington

Categories

Privacy Data Breach

September 23, 2024 – Receivables Performance Management Reaches $5.6M Data Breach Settlement

A $5.6 million settlement has been reached to resolve a handful of lawsuits filed over the 2021 Receivables Performance Management (RPM) data breach, and the official settlement website can be found at RPMDataSettlement.com.

Don't miss out on settlement news like this. Sign up for ClassAction.org's free weekly newsletter here.

The RPM settlement, which received preliminary approval from the court on August 2, 2024, covers anyone who received a notification letter from Receivables Performance Management stating that their personal information may have been compromised in the data breach. Court documents state that more than 3.7 million people are included in the class for the RPM settlement.

To file a claim in the Receivables Performance Management data breach settlement, head over to the official settlement website to download a claim form to submit by mail, or click here to submit your claim online. To file a claim form, you'll need your unique claimant ID, which can be found on the class action settlement notice you should have received in the mail. 

The deadline for filing an RPM data breach settlement claim form is November 12, 2024.

Those covered by the RPM settlement can file a claim for reimbursement of out-of-pocket losses that are "fairly traceable" to the data breach, including losses incurred as a result of identity theft or falsified tax returns, costs of purchasing credit monitoring or identity theft protection services, or other miscellaneous expenses associated with the breach.

The settlement also allows claimants to be reimbursed for time spent responding to the data breach at a rate of $25 per hour for up to four hours.

Class members are also eligible to enroll in three years of three-bureau credit monitoring, which includes identity restoration services and $1 million in identity theft insurance.

Finally, California residents can file a claim for an additional $50 cash payment.

The settlement website states that, should there be any remaining money in the settlement fund after the payment of all approved claims for residual credit monitoring services, all class members who file a claim, regardless of the type of amount of the approved claim, will receive a residual cash payment of up to $100.

Consumers who file a valid claim can expect to receive their payout after the settlement receives final approval, a hearing for which has been scheduled for December 6, 2024, and after any appeals or other reviews are resolved.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements

A proposed class action claims the failure of Receivables Performance Management (RPM) to properly secure the private information of approximately 3.7 million customers is to blame for a 2021 data breach.

The 21-page case alleges that the Washington-based debt collection company exposed the names, Social Security numbers and other personally identifying information of 3,766,573 individuals to unauthorized third parties from April 8 to May 21, 2021 by failing to implement reasonable cybersecurity measures.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

Per the complaint, RPM, the purported nationwide leader in accounts receivable management, discovered the data security incident on May 12 of last year but waited 18 months to begin notifying affected individuals in November 2022. The filing says that to date, RPM has provided victims with “vague and incomplete” reports concerning the nature of the compromised data and details surrounding the incident.

Receivables Performance Management reported that it has “obtained confirmation to the best of its ability that the information is no longer in the possession of the third party(ies) associated with this incident,” and offered one year of credit monitoring and identity theft services to affected individuals, the lawsuit relays. However, RPM’s remedial efforts are too little too late, the case argues, contending that victims are already at serious risk of fraud or identity theft, especially since the leaked information is highly valued and traded on the “cyber black market.”

The complaint contests that RPM should have known that it would be a target for malicious actors considering the substantial increase in data breaches in recent years, as well as widespread coverage and industry alerts of similar attacks. 

“Despite such knowledge, RPM failed to implement and maintain reasonable and appropriate data privacy and security measures to protect Plaintiff’s and Class members’ [personally identifiable information] from cyber-attacks,” the case reads.

The suit goes on to allege that RPM was out of line with regulatory and industry guidance regarding data security, contradicting its privacy policy promise that it “recognizes and respects the information/legislation set forth by Federal … and State guidelines pertaining to privacy matters regarding client, customer and other 3rd party information.”

The lawsuit looks to represent all individuals residing in the United States whose personally identifiable information was compromised in the data breach disclosed by Receivables Performance Management on or about November 21, 2022, including all U.S. residents who were sent a notice of the data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on September 23, 2024 — 11:28 AM

Kelly Mehorter

kelly@classaction.org

Kelly works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.