Artech Hit with Class Action Over Three-Day January 2020 Data Breach [UPDATE]
by Erin Shaak
Last Updated on December 8, 2021
Poling v. Artech LLC
Filed: October 29, 2020 ◆§ 3:20-cv-07630
A proposed class action claims Artech LLC’s insufficient data security policies and procedures led to a data breach in January 2020.
Case Updates
December 8, 2021 – File a Claim: Artech Data Breach Settlement Website Is Live
The proposed class action detailed on this page has settled, with United States Magistrate Judge Laurel Beeler preliminarily signing off on the deal on September 30, 2021.
According to a 13-page preliminary approval order, the settlement covers roughly 30,720 individuals in the United States and overseas military personnel who received a notification from Artech that their personal information may have been accessible during the three-day ransomware attack. The settlement offers monetary relief and a credit monitoring and identity theft protection program funded by Artech. Court documents state that everyone covered by the deal will have three months from the date on which the settlement receives final approval to request access to the services, which would be in place for three years.
To file a claim online, visit the official settlement website:
https://kccsecure.com/artechdatasecuritysettlement/
Claims must be submitted online or postmarked by February 26, 2022. When submitting a claim, you will need both the claim ID and PIN code included on your personalized settlement notice.
The amount of compensation available through the settlement is divided into two tiers. Those in the first tier, i.e. individuals who do not submit evidence that they experienced identity theft, fraud or misuse of their information as a “fairly traceable” result of the data breach, may submit a claim for reimbursement of out-of-pocket expenses up to $80.
Consumers in the second tier are those who can demonstrate that they have suffered injury that is “fairly traceable” to the ransomware attack and provide the settlement administrator with evidence of out-of-pocket expenses related to the cybersecurity event. These individuals can recover up to $10,000. Details on what’s required of consumers looking to submit a “tier two” claim can be found on page four of the document found here.
Importantly, settlement checks class members receive will be valid for only 90 days.
As part of the settlement, Artech has agreed to conduct baseline penetration testing at least annually, as well as ensure that anti-malware software resides on its servers, among other measures. Artech has also agreed to implement a company-wide encryption protocol and continue training all personnel on proper IT security and personal information safeguards.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
A proposed class action claims unauthorized parties were able to access Artech LLC’s computer systems between January 5 and 8, 2020 due to the workforce solutions company’s insufficient data security policies and procedures.
Artech employs more than 10,500 industry professionals and, as part of its business operations, receives, collects and maintains “a large amount of sensitive [personally identifiable information],” according to the case. The lawsuit argues that the data breach is a direct result of Artech’s failure to take necessary security precautions to protect the private data with which the company was entrusted.
“This data should have received the most rigorous protection available – it did not,” the complaint scathes.
According to the case, Artech received on January 8 a report of “unusual activity relating to an employee’s Artech user account.” An investigation revealed that an unauthorized actor had gained access to certain of the defendant’s computer systems where sensitive PII was stored, the lawsuit relays.
Per the complaint, the data accessed in the breach included individuals’ names, Social Security numbers, medical details, health insurance information, financial specifics, payment card numbers, driver’s license/state identification numbers, government-issued identification numbers, passport digits, visa numbers, electronic/digital signatures, usernames and password information.
Per the case, those affected by the breach began receiving notice of the incident around September 4, 2020. The lawsuit claims it is apparent from the data breach notices and corresponding press release that the information compromised in the incident was not encrypted.
Further, the lawsuit claims that although Artech was aware of the breach no later than January 8, the defendant “took no steps” to directly notify affected individuals until early September, at least 240 days later.
According to the suit, “there is no limit” to the amount of fraud to which Artech has exposed those whose PII was compromised in the breach, and the company’s offer of 12 to 24 months of identity monitoring protection services is “woefully inadequate” to compensate proposed class members for the harm caused.
“Plaintiff and the Class Members have suffered, continue to suffer and/or will suffer, actual harms for which they are entitled to compensation,” the complaint argues.
The lawsuit looks to represent anyone in the U.S. whose personally identifiable information was compromised as a result of the data breach announced by Artech around September 4, 2020, with a proposed subclass of California residents.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Before commenting, please review our comment policy.