Data Breach Lawsuit Claims VeriSource Services Failed to Prevent February 2024 Cyberattack

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit alleges deficient cybersecurity on the part of VeriSource Services, Inc. resulted in a February 2024 data breach.

Get the latest open class action lawsuits sent to your inbox. Sign up for ClassAction.org’s free weekly newsletter.

The 51-page data breach lawsuit relays that the Houston-based company, which provides employee benefits administration and data management services, discovered unusual activity on certain computer systems on February 28, 2024. According to the case, an investigation following the system disruption determined that an unauthorized third party had gained access to the network and certain personal information stored therein.

Per the suit, the VeriSource Services data breach compromised the names and Social Security numbers of clients’ current and former employees—highly confidential information that the complaint claims the company stored unencrypted and unredacted in its computer systems.

Despite its legal duty to protect the personal data in its care, VeriSource Services negligently failed to take adequate measures to secure its network against unauthorized intrusion, the filing contends. As the class action lawsuit tells it, the incident could have been prevented had the defendant properly encrypted the information or maintained data security practices in line with industry standards.

Indeed, the suit argues, VeriSource Services should have been fully aware of the risk of being targeted by cybercriminals given the ubiquity of data breaches in recent years and the prevalence of public announcements and warnings by cybersecurity experts.

Nonetheless, the company “recklessly” failed to protect consumers’ private information from falling into the hands of data thieves, who can now use it to commit identity theft, fraud and numerous other cybercrimes, the case alleges.

In addition, although the defendant purports to have learned of the incident in February of this year, it waited until late last month to begin to notify victims, the complaint shares. Per the filing, the notices themselves provide little in the way of explanation, omitting crucial details about the nature of the cyberattack, the identity of the perpetrators and what steps are being taken to secure stored data in the future.

“Without these details, [the plaintiff’s] and Class Members’ ability to mitigate the harms resulting from the Data Breach is severely diminished,” the case asserts.

The VeriSource Services lawsuit looks to represent anyone in the United States whose private information was accessed and/or acquired by an unauthorized third party as a result of the data breach reported by the defendant in August 2024.

Check out ClassAction.org's lawsuit list for the latest open class action lawsuits and investigations.