IBM Hit with Class Action Over May 2023 Cyberattack
Wedeking v. International Business Machines Corporation
Filed: August 30, 2023 ◆§ 7:23-cv-07740-PMH
International Business Machines Corporation (IBM) faces a class action lawsuit over a May 2023 data breach that reportedly impacted millions of individuals.
New York
International Business Machines Corporation (IBM) faces a proposed class action lawsuit over a May 2023 data breach that reportedly impacted millions of individuals.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 35-page lawsuit claims IBM is to blame for the exposure of personal information entrusted to it by its client businesses—including the Colorado Department of Health Care Policy and Financing (HCPF). The complaint explains that the cyberattack targeted MOVEit, a popular file transfer platform owned by Progress Software Corporation (PSC), a software company with which IBM contracts.
In HCPF’s case alone, nearly 4.1 million consumers whose data was given to IBM by the agency had their personal information compromised when cybercriminals infiltrated PSC’s MOVEit software around May 28 of this year, the filing says.
According to the suit, the personal information exposed in the data breach included at least individuals’ full names, Social Security numbers, dates of birth, home addresses, Medicaid and Medicare ID numbers, contact details and demographic or income information. Per the case, the attack also compromised consumers’ health insurance information and medical data, such as diagnoses, conditions, lab results, medications and other treatment details.
The complaint argues that IBM “critically failed” to ensure the private data entrusted to it was safeguarded, including by properly vetting and monitoring its third-party software vendors.
To make matters worse, the defendant never directly informed victims of the breach, the filing claims. Instead, HCPF consumers like the plaintiff, a Colorado resident who received notice from the governmental department in August 2023, were left in the dark for almost 10 weeks after the incident purportedly occurred, the lawsuit alleges.
As the company that hired PSC, IBM should have been responsible for sending out notice letters to breach victims, the suit contends. However, because of “IBM’s incompetent response to the data breach,” impacted individuals have lost valuable time that they could have used to mitigate the harms associated with the unauthorized disclosure of their information, such as identity theft and fraud, the case claims.
The lawsuit looks to represent anyone in the United States whose private information was maintained by IBM and affected by the data breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.