Government Contractor Mission Essential Hit with Class Action Over Reported Data Breach Announced in July 2023

New to ClassAction.org? Read our Newswire Disclaimer

The Mission Essential Group faces a proposed class action over a cyberattack that potentially exposed the private data of thousands of current and former employees.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

According to a July 2023 notice letter, the government contractor was notified by federal law enforcement authorities in September 2022 of a “potential incident” wherein an unauthorized third party may have gained access to certain Mission Essential email accounts and the sensitive information contained therein.

Per the 29-page lawsuit, a subsequent investigation revealed that cybercriminals potentially acquired the names and Social Security numbers of at least thousands of current and former employees and contractors, as well as those of their spouses, dependents and beneficiaries.

The notice letter relays, however, that, following the investigation, the company was “unable to validate the reports from law enforcement and confirm unauthorized access to Mission Essential email accounts occurred.”

The suit argues that Mission Essential, which provides translators and interpreters to the U.S. government and other intelligence and military clients, failed to adequately train its IT and data security employees and implement up-to-date cybersecurity practices to safeguard the highly confidential information stored in its network.

“So inadequate were [the defendant’s] cyber and data security systems and measures, that [Mission Essential] admitted it was unable to identify when the data breach occurred, how its network was hacked, and if it was cybercriminals, terrorists, or hostile government actors that perpetrated the hack,” the case charges. “Further, [the defendant] intentionally obfuscated the circumstances surrounding how the federal law enforcement authorities discovered [Mission Essential’s] breach.”

The complaint also contends that the company’s notice to victims was both untimely and inadequate. Though Mission Essential purportedly learned of the incident in September 2022, it waited an “appalling” ten months before notifying affected individuals in July of this year, the filing shares.

Per the lawsuit, the notice letter “obfuscated the nature of the breach” and the risks it posed, and “[refused] to tell its victims how many people were impacted, why it required federal law enforcement authorities to alert [Mission Essential] about the breach, or why it took the defendant ten months to begin notifying some of its victims that hackers had gained access to highly sensitive [personally identifiable information].”

The plaintiff, a Georgia resident and former Mission Essential employee, received notice in July of this year informing him that his private data may have been compromised in the breach, the suit says. The man claims that since the incident, he has begun receiving cryptocurrency links and “strange and concerning military-related emails, including fraudulent offers for a military translation job, that appear to be of Russian origin.”

Mission Essential has not only exposed the plaintiff and other victims to a greater risk of identity theft and fraud, but to “imminent physical danger from hostile government actors and terrorists due to the highly valuable and sensitive geo-political translation work” they performed as language experts, the suit alleges.

The lawsuit looks to represent anyone in the United States whose personal information was accessed without authorization in the data breach reportedly experienced by Mission Essential, including those who received a notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.