in Newswire Published on May 12, 2017

Jan. '17 Phishing Attack Sparks Class Action Against Schurman Fine Papers

by Corrado Rizzi

Last Updated on May 8, 2018

View Comments

Sung et al v. Schurman Fine Papers

Filed: May 12, 2017 § 3:17-cv-02760

Read Complaint

Seven individuals have put their names on a proposed class action over the fallout from a January 18, 2017 phishing attack against defendant Schurman Retail Group.

Defendant(s)

Schurman Fine Papers

Law(s)

State(s)

California

Categories

Data Breach

Seven individuals have put their names on a proposed class action over the fallout from a January 18, 2017 phishing attack, as well as identity theft allegedly caused the data breach, against defendant Schurman Fine Papers, which does business as Schurman Retail Group.

The plaintiffs’ 19-page lawsuit claims a cybercriminal, pretending to be the company’s chief financial officer, sent a “phishing email” to employees in early 2017. According to the complaint, the emails requested all individuals employed by Schurman Retail Group in 2016 forward copies of their W-2 IRS tax forms, documents that contained proposed class members’ addresses, salaries, and Social Security numbers.

The lawsuit, filed in California, takes issue with how Schurman Retail Group handled the data breach from there, noting that a number of current and former employees have reportedly been victims of identity theft since the phishing episode. Further, the case takes umbrage with the ostensible lack of adequate security measures, alerts, and training for such occurrences within the company. From the lawsuit:

“It is remarkable that SRG fell for this trap. Such ‘phishing’ or ‘spoofing’ attacks on businesses are not new and are widely reported in the media. Moreover, in 2016 and in 2017, the IRS published and issues alerts to payroll and human resources professionals warning them of phishing schemes designed to obtain personal information, such as W-2s for puroses of monetizing data, including by filing fraudulent tax returns for refunds.
Despite widespread warnings, SRG failed to implement proper security measures and/or adequately train staff handling sensitive employee information, such as the W-2 information. Now, SRG’s former and current employees must pay the price.”

The lawsuit claims Schurman Retail Group did not find out about the January 2017 data attack until March, when “employees began reporting that fraudulent tax returns had been filed in their names.”

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on May 8, 2018 — 1:55 PM

Corrado Rizzi

corrado@classaction.org

Corrado Rizzi is the Senior Managing Editor of ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.