Nautic Partners Data Breach Lawsuit Says Private Equity Firm Failed to Protect Data from Hackers

New to ClassAction.org? Read our Newswire Disclaimer

Nautic Partners faces a proposed class action over an early-2023 cyberattack that compromised the personal information of more than 7,800 people.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 41-page Nautic Partners data breach lawsuit relays that the Rhode Island-based private equity firm was targeted by a notorious cybercriminal gang known as LockBit in early 2023. According to a notice letter sent to victims last month, the hacker group gained access to the company’s network and certain files stored therein between February 23 and April 5, 2023, though the case notes that the precise timeframe of the incident is “unclear.”

The data breach suit contends that Nautic Partners, who announced the breach in January 2024, has been “less than forthcoming” about the details of the incident. In any case, reports suggest the hacker group has already posted the stolen data for sale on the dark web.

Per the complaint, the cyberattack compromised at least full names and Social Security numbers but also may have exposed driver’s license or government-issued ID numbers, passport numbers, medical records, financial account details and credit and debit card numbers. According to the suit, Nautic Partners “has not explained its relationship” to the persons whose information was exposed in the data breach, as victims may be current and former employees and/or customers.

Despite Nautic Partners’ duty to safeguard the information in its care, the firm negligently failed to maintain adequate cybersecurity protocols, making the sensitive data an “easy target[] for cybercriminals,” the filing claims.

The suit also takes issue with the defendant’s delayed notification of victims, arguing that the firm—which waited nearly a year after the incident began before distributing notice letters to impacted individuals—has unfairly deprived consumers of the chance to promptly take steps to mitigate the consequences of the data breach.

The case alleges that the breach—the company’s second in recent years—reveals a “pattern of negligent data security” by Nautic Partners.

The lawsuit looks to represent anyone in the United States whose personal information was compromised in the data breach discovered by Nautic Partners in 2023, including those who received notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.