Financial Software Company Alogent Failed to Protect Customer Data from Hackers, Class Action Says

New to ClassAction.org? Read our Newswire Disclaimer

Software company Alogent Holdings, Inc. faces a proposed class action over a “massive” cyberattack that reportedly began in May 2023 and affected more than 4,500,000 individuals.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 40-page lawsuit says that the Atlanta-based company, which provides digitization and automation services to financial institutions, announced in August of this year that it had been impacted by a ransomware attack that targeted MOVEit, a file transfer platform Alogent uses to exchange data with clients.

As a result, the private information of Alogent clients and their customers was compromised when cybercriminals gained access to the MOVEit software between May 30 and June 1, 2023, the suit relays. Per the case, the data breach exposed at least individuals’ names, addresses, bank account and routing numbers, phone numbers, and check payees and remittance amounts.

According to the complaint, the United States Cybersecurity and Infrastructure Security Agency attributed the cyberattack to a ransomware gang known as Cl0p, which was able to tap into the MOVEit servers by exploiting a vulnerability in the software. Investigations following the incident revealed that the cybergang had been aware of MOVEit’s security weakness since 2021 and had been subsequently testing ways to exploit it, the filing describes.

The lawsuit contends that despite Alogent’s obligation to safeguard the consumer data in its care, the company failed to implement basic cybersecurity protocols and ensure its business vendor maintained reasonable data security standards.

The suit also takes issue with Alogent’s arguably delayed notification of victims. Though the cyberattack reportedly began in late May 2023, the company waited until mid-August to alert impacted individuals to the unauthorized disclosure of their information, the case states.

The plaintiff, a Michigan resident and customer of an Alogent client, received on August 14 a notice that stated that her private data had been compromised in the breach, the complaint says. Like other victims, the woman now faces a lifetime of privacy risks, the filing charges.

“As a result of the Data Breach, [the plaintiff] and similarly situated individuals are now at a significantly increased and certainly impending risk of fraud, identity theft, and similar forms of criminal mischief, risk which may last for the rest of their lives,” the case argues. “Consequently, [the plaintiff] and similarly situated individuals must devote substantially more time, money, and energy to protect themselves, to the extent possible, from these crimes.”

The lawsuit looks to represent anyone in the United States or its territories whose personal information was compromised during the Alogent data breach, which was announced on or about August 14, 2023.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.