CentiMark to Blame for August 2022 Data Breach, Class Action Alleges

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit claims CentiMark Corporation’s “outdated” and “negligent” cybersecurity practices resulted in a data breach purportedly discovered by the company in August 2022.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 34-page lawsuit says that though the Pennsylvania-based commercial roofing company first detected unauthorized access to its computer systems on August 11, a subsequent investigation revealed that cybercriminals had intermittently hacked the servers beginning on August 7. The suit relays that the breach compromised the personal information of thousands of current and former employees, including their names, dates of birth, Social Security numbers and driver’s license numbers.

According to the case, the cyberattack was a direct result of CentiMark’s failure to implement adequate cybersecurity measures to protect employees’ private data. The company’s use of “outdated and insecure” software meant its computer systems were vulnerable and “easy to hack,” the complaint argues.

The filing additionally takes issue with the defendant’s delayed notification of data breach victims. Although CentiMark purports to have discovered the unauthorized activity in August 2022, notices were not sent to those impacted until early December, almost four months later, the lawsuit reports.

The delayed notification left victims vulnerable and eliminated their chances of taking early action to mitigate the harmful effects of the unauthorized disclosure of their data, the suit argues.

The notices themselves provided little detail as to the nature of the breach, how many people were affected or why it took so long to inform victims, the case adds.

“Further, the [notice letter] makes clear that CentiMark cannot, or will not, determine the full scope of the Data Breach, as it has been unable to determine exactly what information was stolen and when,” the complaint says.

The company has purportedly offered up to two years of credit monitoring services to those impacted by the breach, but the filing charges that this gesture fails to compensate for the “lifelong harm that victims will face” as a result of the cyberattack.

The plaintiff, a Pennsylvania resident and former CentiMark employee, received notice in December of this year that his sensitive personal information had been compromised in the data breach, the suit relays. The man, like other victims, must now cope with a significantly increased risk of fraud, identity theft and other illegal schemes as a result of the company’s negligence, the case claims.

The lawsuit looks to represent any Pennsylvania residents who are current or former employees of CentiMark Corporation and whose personal information was compromised in the data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.