Infrastructure Construction Company MasTec Failed to Protect Employee Data from Hackers, Class Action Says

New to ClassAction.org? Read our Newswire Disclaimer

MasTec, Inc. has been hit with a proposed class action over a May 2023 cyberattack that affected approximately 22,000 current and former employees.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 40-page lawsuit relays that the Florida-based civil engineering and construction company was impacted by a widespread ransomware attack that targeted MOVEit, a file transfer platform used by third-party MasTec vendor Delta Dental Plans Association. Delta Dental provides dental insurance to those enrolled in the defendant’s Care Opt Plus Group Benefits Plan for Hourly and Salaried Employees, the complaint says.

As a result, the private information of MasTec employees was compromised when cybercriminals gained access to Delta Dental’s MOVEit software between May 27 and May 30 of this year, the suit shares. Per the case, the data breach at least exposed workers’ names, Social Security numbers, dates of birth, genders, member contact details, member IDs, eligibility dates and provider information.

Related Reading: 2023 MOVEit Data Breach Lawsuits

According to the complaint, the cyberattack, which was perpetrated by the notorious hacker group Cl0p, has reportedly affected almost 2,600 companies and organizations to date.

The filing claims that the data breach was a direct result of MasTec’s “grossly inadequate” cybersecurity protocols. As the lawsuit tells it, the company “negligently” failed to take reasonable measures to ensure employees’ personal information was properly protected.

“[The plaintiff] and other Class Members' identities are now at substantial and imminent risk because of [MasTec’s] negligent conduct since the [personally identifiable information] that [the defendant] collected and maintained (including Social Security numbers) is now in the hands of cybercriminals,” the suit charges.

What’s more, the company reportedly waited 153 days—roughly five months—after the incident occurred before notifying victims in late October 2023, the case states. The plaintiff, a former MasTec employee residing in South Carolina, says he received notice on October 27 informing him that his private data had been compromised in the breach.

“153 days is plenty of time for a hacker to use [the plaintiff's] information,” the complaint argues, adding that “many files are often accessed by bad actors within 12 hours of a breach.”

Like other victims, the plaintiff now faces an increased risk of identity theft and fraud as a result of the company’s negligence, the filing alleges.

The lawsuit looks to represent anyone in the United States whose personal information was stored on MasTec, Inc.’s computer systems and who was informed via notice of the company’s May 2023 data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.