Erickson Demel & Associates Failed to Protect Consumer Data from Hackers, Class Action Claims

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit claims Erickson Demel & Associates, PLLC “lost control” of 3,000 people’s personal information during a cyberattack in January 2023.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

According to the 30-page case, the Texas-based accounting and tax services provider failed to maintain reasonable data security measures and insufficiently trained its employees in cybersecurity, leading to a breach of its cloud-based file management system. These failures put consumers’ personal information in a “vulnerable position” and meant the company’s systems were “easy targets for cybercriminals,” the complaint contends.

The 30-page lawsuit says that though the company first detected unauthorized access to its computer network on January 14, a subsequent investigation revealed that hackers had in fact gained entry to its system five days earlier. The suit relays that the data breach exposed the personal information of 3,007 current and former clients and their employees, including, but not limited to, their names, home addresses, Social Security numbers, driver’s license numbers, financial account details, and credit and debit card numbers.

The filing argues that Erickson Demel & Associates had “no effective means to prevent, detect, stop, or mitigate breaches of its systems—thereby allowing cybercriminals unrestricted access to the [private data] that [the company] maintained.”

The defendant also delayed notifying victims of the data breach until early March of this year, almost 55 days after it purportedly detected the cyberattack, the lawsuit claims. The delay left victims “in the dark” and destroyed their chances of taking early steps to mitigate the consequences of the disclosure of their information, the suit charges.

As the case tells it, the company has “done little” to make amends for its negligent conduct. Though it has reportedly offered credit and identity monitoring services, the complaint argues that this gesture is “wholly insufficient to compensate [victims] for the injuries that [the defendant] inflicted upon them.”

The plaintiff, a Kentucky resident and employee of a client company, received notice on March 21 of this year that her sensitive personal information had been compromised in the breach, the filing states. Like other victims, the woman faces an acute risk of identity theft, fraud, and other illegal schemes because her data is now in “the hands of cybercriminals,” the case claims.

The lawsuit looks to represent anyone in the United States whose personal information was compromised in the data breach discovered by Erickson Demel & Associates, PLLC in January 2023.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.