California Pizza Kitchen Data Breach Affected ‘Tens of Thousands’ of Current, Former Employees, Class Action Says [UPDATE]
Last Updated on May 4, 2022
Wallace et al. v. California Pizza Kitchen, Inc.
Filed: December 2, 2021 ◆§ 8:21-cv-01970
A class action alleges California Pizza Kitchen is to blame for a 2021 data breach in which the sensitive information of tens of thousands of current and former employees was accessed by an unauthorized party.
California
Case Updates
May 4, 2022 – California Pizza Kitchen Agrees to Settle Data Breach Suits with $3.7 Million Deal
California Pizza Kitchen has agreed to a $3.7 million deal to settle four consolidated lawsuits, including the one detailed on this page, over a September 2021 data breach that exposed the Social Security numbers of current and former employees.
The motion for preliminary settlement approval states that the deal would cover individuals who received notice of the data breach announced by California Pizza Kitchen on or about November 15, 2021. The document relays that the proposed settlement will cover an estimated 103,767 people, including more than 30,000 in California alone.
If preliminarily approved by the court, the settlement would provide reimbursement of up to $1,000 per “class member” for documented, unreimbursed and “ordinary” expenses (such as fees for credit freezes, card replacements, late payments, etc.) and lost time dealing with the effects of the data breach. The deal would also provide reimbursement of “extraordinary” expenses—defined as out-of-pocket losses related to identity theft—of up to $5,000 per person, and an additional $100 each for those in California.
In addition to the monetary remedies, the proposed settlement also affords every class member up to two years of three-bureau credit monitoring, court documents state. Further, California Pizza Kitchen has agreed to maintain for a period of three years certain enhanced data security measures, including endpoint protection, multi-factor authentication and cybersecurity training for employees.
Court documents specify that when added together, the benefits afforded by the settlement amount to “a conservative value” of more than $3.7 million.
If and when the settlement receives initial approval, eligible current and former California Pizza Kitchen employees should keep an eye out for notice of the deal, which will likely come via physical mail. That notice will contain, among other information, details on your legal rights, how to file a claim for compensation and important deadlines. Court documents also state that an official settlement website will be created.
ClassAction.org will update this page as more information becomes available.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
A proposed class action alleges California Pizza Kitchen (CPK) is to blame for a 2021 data breach in which the highly sensitive information of tens of thousands of the restaurant’s current and former employees, as well as their family members, was accessed by an unauthorized party.
The 36-page complaint claims the cyberattack, which supposedly occurred prior to September 15, 2021 and was discovered by CPK on October 4, is the result of the restaurant chain’s failure to properly monitor the computer network and systems on which the sensitive information was housed. The filing says that information compromised in the incident includes full names and Social Security numbers and that those affected by the breach now face a heightened risk of fraud and identity theft, among other harm.
Filed by two former CPK employees, the complaint contends that the risk of a cyberattack and the potential disclosure of current and former employees’ data was foreseeable to California Pizza Kitchen, who the case claims stored the affected information in “a reckless manner.”
“Plaintiffs’ and Class Members’ identities are now at risk because of CPK’s negligent conduct because the Private Information that CPK collected and maintained is now in the hands of data thieves,” the filing reads, stressing that data stolen in the incident can be used to commit “a variety of crimes” against consumers.
The case relays that information California Pizza Kitchen collects from current and former employees in the ordinary course of business includes names; addresses; phone, driver’s license and Social Security numbers; dates of birth; email addresses; and genders. The restaurant had a duty to safeguard the collected data from the cyberattack it discovered on October 4, the suit stresses.
According to the lawsuit, California Pizza Kitchen failed to comply with Federal Trade Commission guidelines and industry standards in the run-up to the cyberattack.
The case looks to represent all persons whose personally identifiable information stored or possessed by California Pizza Kitchen was subject to the data breach announced by the restaurant on or about November 15, 2021. According to the filing, more than 100,000 individuals may be covered by the proposed class action.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Before commenting, please review our comment policy.