Morley Companies Facing Class Action Over August 2021 Data Breach
by Erin Shaak
Miller et al. v. Morley Companies, Inc.
Filed: February 11, 2022 ◆§ 1:22-cv-10284
Morley Companies faces a class action over an August 2021 ransomware attack during which employees’ personal information was reportedly compromised.
Morley Companies, Inc. faces a proposed class action over an August 2021 ransomware attack during which employees’ personal information was reportedly compromised.
According to the 49-page lawsuit, Morley Companies, a business-to-business customer service provider, maintained employee data on its computer network unencrypted and otherwise “in a condition vulnerable to cyberattacks.” The case alleges that although the mechanism for the cyberattack, i.e., ransomware, was a “known risk” to the defendant, Morely Companies nevertheless failed to take reasonable steps to secure workers’ personal information from unauthorized disclosure.
Per the complaint, the data compromised in the breach included employees’ names, dates of birth, Social Security and driver’s license numbers and health insurance information.
The lawsuit argues that data breach victims now face “a heightened and imminent risk” of identity theft and fraud and must monitor their financial accounts for years to come to detect and mitigate the potential misuse of their sensitive information.
As the case tells it, Morley first discovered evidence of a data breach in August 2021, when, as the company later reported, “our data became unavailable.” Per the suit, the defendant determined that ransomware had been installed on its systems and that files containing employees’ personal information had been accessed.
The lawsuit claims Morley could have prevented the data breach by adequately safeguarding its network, including by encrypting files containing employees’ personal information, or could have discovered the breach sooner had it properly monitored its systems.
The case goes on to contend that the defendant failed to provide timely and accurate notice of the data breach. Though Morley claims to have discovered the breach in August, notice was not sent to victims until January 2022, the suit says. Moreover, although Morley represented in the data breach notice that employees’ information “may” have been accessed, the fact that the company sent notice of the breach at all indicates that there was a “more than low probability” that sensitive information was compromised, the lawsuit contests.
“Morley’s notice is therefore misleading and incomplete, when it knows with reasonable certainty that Plaintiffs’ and Class Members’ Private Information was accessed,” the complaint alleges.
The case looks to represent anyone whose private information was maintained on Morley’s computer systems and compromised in the data breach and who was sent notice of the breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.