Class Action Says Honeywell Failed to Prevent May 2023 Data Breach [UPDATE]

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action alleges Honeywell International failed to protect individuals’ private information from a May 2023 data breach.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 40-page case says that after Honeywell, a North Carolina-based technology and manufacturing company, detected “unusual activity” on some of its computer systems in early June 2023, a subsequent investigation revealed that an unauthorized party had gained access to certain files that contained sensitive information on May 27 of this year.

According to the lawsuit, the defendant waited until September 13 to inform affected individuals of the incident and disclose that their names and Social Security numbers may have been impacted.

“As a result of this delayed response, [the plaintiffs and class members] had no idea for over three months that their Private Information had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm,” the complaint stresses. “The risk will remain for their respective lifetimes.”

Honeywell’s notice letter indicates that the data breach compromised information related to a pension plan the company was administering and occurred amid the widespread cyberattack on MOVEit, a popular file transfer tool. 

The filing contends the cyberattack was a result of Honeywell’s failure to implement adequate data security practices and properly monitor the computer network and systems that housed highly sensitive data.

Per the complaint, Honeywell was “at all times fully aware” of its legal obligation to safeguard consumers’ private information from the “known risk” of a data breach, yet nevertheless maintained such data in a condition that was “vulnerable to an attack.”

What’s more, the defendant has offered no assurance to victims that all personal data or copies of data exposed in the breach have been recovered or destroyed or that the company has since enhanced its cybersecurity practices to prevent future attacks, the case says.

The complaint notes that one plaintiff, a Minnesota resident who received a notice letter informing her that her data was exposed during the breach, was employed by Honeywell over 25 years ago. Another plaintiff, a Kentucky resident who also received a notice letter from Honeywell, says he has no idea how the company obtained his private information.

The lawsuit looks to represent anyone in the United States who had private information accessed and/or acquired as a result of the data breach experienced by Honeywell International, including all who were sent a notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.