February 2024 Cencora, Lash Group Data Breach Triggers Class Action Lawsuit

New to ClassAction.org? Read our Newswire Disclaimer

Cencora, Inc. and subsidiary Lash Group have been hit with a proposed class action lawsuit over a cyberattack announced in May 2024.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 51-page data breach lawsuit says that Cencora, a pharmaceutical solutions company that conducts industry research and provides medical products and services to the healthcare sector, learned in late February of this year that an unauthorized third party had gained access to its computer systems and stolen certain patient information stored therein.

Per the suit, the incident compromised consumers’ full names, dates of birth, addresses, medical diagnoses, medications and prescriptions.

Although the defendants had a duty to safeguard the patient information in their care, the companies negligently failed to take proper cybersecurity measures to prevent unauthorized intrusion by data thieves, the case claims. The complaint points out that the sensitive information was allegedly stored “unguarded and vulnerable to attack” in Cencora’s computer network.

The Cencora data breach lawsuit adds that the incident was entirely preventable.

“Had Cencora remedied the deficiencies in its information storage and security systems, followed industry guidelines, and adopted security measures recommended by experts in the field, it could have prevented intrusion into its information storage and security systems and, ultimately, the theft of [the plaintiff’s] and Class Members’ confidential private information,” the lawsuit contends.

To make matters worse, the companies waited until May 2024 to notify data breach victims, roughly three months after the incident was reportedly detected, the suit charges. The delay meant that, during that time, impacted individuals were wholly unaware that they were at a heightened and ongoing risk of cybercrimes at the hands of data thieves, the case argues.

The complaint asserts that Cencora and Lash Group have offered “no assurance” that the exposed information has been recovered or deleted, or that the companies have adequately improved their cybersecurity to avoid future data breaches.

The lawsuit looks to represent anyone in the United States whose private information was accessed and/or acquired as a result of the Cencora and Lash Group data breach, including those who were sent notice of the incident.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.