Hanes Responsible for 2022 Data Breach, Class Action Says [UPDATE]

New to ClassAction.org? Read our Newswire Disclaimer

Thousands of current and former Hanesbrands, Inc. employees have had their personal information exposed in a 2022 data breach that the international clothing and apparel business failed to prevent, a proposed class action alleges.

The 68-page case argues that the cyberattack, detected on May 24 of last year, directly resulted from Hanes’ failure to implement adequate cybersecurity procedures. Because the company maintained data on its network in a “reckless manner,” cybercriminals now have access to employees’ first and last names, Social Security numbers, dates of birth, government-issued identification numbers (such as driver’s license numbers), addresses, certain health information and financial account information, the complaint asserts.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

Although data breaches are a well-known and foreseeable threat to companies that store private information, Hanes “intentionally, willfully, recklessly, or negligently” failed to properly safeguard its equipment and computer files containing this data, the filing argues. Indeed, Hanes overlooked standard and reasonable measures designed to prevent cyberattacks, such as those made available by the United States Government, the United States Cybersecurity & Infrastructure Security Agency and the Federal Trade Commission, the complaint states.

The suit further charges that Hanes failed to provide victims with prompt and accurate notice of the breach. On September 30, four months after the ransomware incident came to light, the company finally admitted in a letter that “some of [its employees’] information was impacted in the event,” the case relays.

However, Hanes has yet to inform affected individuals of pertinent details surrounding the cyberattack, such as “the root cause of the Data Breach, the vulnerabilities exploited, whether Defendant’s system is still unsecured, why it took over four months to inform impacted individuals after Defendant first detected the Data Breach, and the remedial measures undertaken to ensure such a breach does not occur again,” the complaint reads.

The suit says that Hanes has also failed to mention whether the compromised information was retrieved or if it remains in the hands of cybercriminals, although the company has allegedly offered victims 24 months of credit and identity monitoring services and instructed individuals to vigilantly watch over their financial accounts for years to come. These instructions, the case argues, are “an acknowledgment that the impacted individuals are subject to a substantial and imminent threat of fraud and identity theft.”

The consequences of Hanes’ negligence are dire, the case says: affected individuals now face a “heightened and imminent” risk of fraud and identity theft as their information may get bought and sold on the dark web, the suit contends. For some, criminal activity resulting from the data breach may not materialize for years, the case warns.

“Plaintiff and Class Members may also incur out of pocket costs for, e.g., purchasing credit monitoring services, credit freezes, credit reports, or other protective measures to deter and detect identity theft,” the filing states.

The plaintiff, a former Hanesbrands employee, claims that she has already experienced fraudulent activity under her name, and as a result, the woman has been evicted from her residence, been denied a loan to purchase a vehicle and lost over $15,000 to fraudulent charges, according to the complaint. An unknown actor has also attempted to fraudulently open new financial accounts under her name, the suit adds.

The lawsuit looks to cover anyone whose private information was maintained on Hanesbrand’s computer systems that were compromised in the data breach detected on May 24, 2022 and who was sent notice of the data breach letter.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.