Albertsons Companies Facing Class Action Over ‘Preventable’ 2022 Employee Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Albertsons Companies, Inc. faces a proposed class action over a December 2022 data breach that impacted tens of thousands of current and former employees.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 55-page lawsuit contends that the breach, during which an unauthorized actor gained access to files containing employees’ personal information over the course of at least three days, was a direct result of the grocery store operator’s failure to implement reasonable cybersecurity measures.

According to the case, Albertsons, one of the largest grocers in the United States, had a legal duty under contract, industry standards, and state and federal laws to protect consumers’ personal information from unauthorized exposure. Despite these obligations, the company maintained its employees’ data in a “reckless manner” on a computer network that was “vulnerable to cyberattacks,” the complaint alleges.

The case says that data thieves responsible for the hack were able to exfiltrate victims’ names, dates of births and Social Security numbers, all of which can be used to commit various crimes.

“As a result of the Data Breach, Plaintiff and Class Members have been exposed to a heightened and imminent risk of fraud and identity theft,” the suit says, adding that affected individuals must now spend significant amounts of time, money and effort to guard against these threats.

The plaintiff, a Pennsylvania resident who worked for Albertsons from 2000 to 2003, says she received from the company on April 21 a notice letter alerting her to the incident, the complaint relays. However, the suit contends that the document omits several pertinent details, including what steps have been taken to ensure a breach does not occur again.

Per the notice letter, Albertsons “immediately launched a forensic investigation” after supposedly discovering the unauthorized access on December 23 last year, and found that copies of data had been removed from certain file servers between December 22 and 24, the suit relays.

The case contends that Albertsons knew or should have known the importance of safeguarding employee data against the increasingly common, though reasonably preventable, threat of a cyberattack. For example, cybercriminals would have exfiltrated only unintelligible data had Albertsons properly encrypted its employees’ personal information, the filing alleges.

The lawsuit seeks to cover anyone whose personally identifiable information was maintained on Albertsons Companies’ computer systems that were compromised in the data breach and who received from Albertsons a notice of data breach letter.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.