CAIRE Failed to Protect Employee Info from Cyberattack, Class Action Alleges
Brennan v. CAIRE Inc.
Filed: March 19, 2024 ◆§ 1:24-cv-01169
CAIRE Inc. faces a class action over a recently announced data breach that affected at least 2,607 current and former employees.
Oxygen supply manufacturer CAIRE Inc. faces a proposed class action over a recently announced data breach that affected at least 2,607 current and former employees.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 46-page data breach lawsuit alleges that CAIRE’s failure to implement adequate cybersecurity measures allowed cybercriminals to infiltrate its computer systems and steal files containing employees’ names and Social Security numbers. According to the complaint, the company detected the intrusion on February 11, 2023, when it noticed “suspicious activity” that impacted “the operability of certain systems.”
“It is unknown for precisely how long the cybercriminals had access to [CAIRE’s] network before the breach was discovered,” the filing says. “In other words, [the defendant] had no effective means to prevent, detect, stop, or mitigate breaches of its systems—thereby allowing cybercriminals unrestricted access to its current and former employees’ [personally identifiable information].”
The case claims the incident has subjected victims to a lifetime risk of identity theft and fraud, given that cybercriminals have already posted, or will soon post, their information on the dark web.
Per the filing, CAIRE deprived affected individuals of the chance to mitigate these threats in a timely manner by waiting more than a year after it purportedly discovered the incident to notify them of the breach.
The plaintiff, a New York resident, says he received a notice letter from CAIRE in early March 2024 informing him that his data was compromised in the cyberattack. The complaint notes that the man was employed by a company now owned by CAIRE from 2009 to 2013, which, according to the suit, means the defendant “negligently retained” his information for no “defensible reason” for over a decade after his employment ended.
Although the company says it has reviewed its data security policies to “reduce the likelihood of a similar future incident,” the filing claims this effort is “too little too late.”
“Simply put, these measures—which [the defendant] now recognizes as necessary—should have been implemented before the data breach,” the case says.
The lawsuit looks to represent anyone in the United States whose personal information was compromised in the data breach discovered by CAIRE in February 2023, including all those individuals who received notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.