USA Waste-Management Resources, LLC and Waste Management, Inc. face a proposed class action over a January 2021 data breach that reportedly affected over 268,000 employees, former employees and their dependents.
According to the 47-page case out of New York federal court, Waste Management’s systems were breached between January 21 and 23 by an unauthorized party who gained access to files containing current and former employees’ and their dependents’ names, Social Security numbers (or National IDs), dates of birth and driver’s license numbers. The suit says the incident has exposed the individuals to a heightened risk of identity theft and fraud and will cause them to spend significant time and effort monitoring their accounts and guarding against the unauthorized use of their information.
Waste Management, the suit says, describes itself as “North America’s leading provider of comprehensive waste management environmental services” and, as such, had both the ability and the responsibility to protect the personal information provided by employees and their dependents from unauthorized access. Nevertheless, the defendants have failed to do so, the case alleges.
“Defendants had the resources necessary to prevent the Data Breach, but neglected to implement adequate data security measures, despite their obligations to protect current and former employees’ (and their dependents’) PII, and despite their public statements that WM ‘value[s] safety’ and is one of the ‘world’s most ethical companies.’ Had Defendants remedied the deficiencies in their data security training and protocols, and adopted security measures recommended by experts in the field, they would have prevented the intrusion leading to the theft of PII.”
According to the case, Waste Management failed to implement guidelines recommended by the Federal Trade Commission (FTC) to protect sensitive information against phishing attacks and other types of data breaches. The suit claims the defendants’ inadequate data security policies and practices fall under unfair acts and practices prohibited by the FTC Act.
The lawsuit goes on to claim that those affected by the January 2021 data breach were further harmed by the defendants’ failure to timely notify them that their personal information had been exposed and which types of information were unencrypted, the case attests. The plaintiff, who works for the defendants as a residential truck driver, says he was not notified of the breach by Waste Management until June 2021, more than four months after the incident occurred.
The case further decries Waste Management’s “woefully inadequate” offer of 12 months of credit monitoring and identity protection services, alleging the defendants “do not appear to be taking any measures to assist Plaintiff and Class members other than simply telling them to review their financial records and credit reports on a regular basis.” The suit claims that while some damage has already been done, “the worst may be yet to come.”
The lawsuit looks to cover current or former U.S. employees of USA Waste-Management Resources, LLC, Waste Management, Inc. or any of their affiliates who had their personal identifying information compromised as a result of the data breach that occurred between January 21 and 23, 2021. The plaintiff also proposes an alternate subclass of those in California who fit the same criteria.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.