Timios Facing Class Action Over July 2021 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Timios, Inc. faces a proposed class action that claims the real estate transaction services company failed to protect customers’ personal information from unauthorized access.

At issue in the 30-page lawsuit is a July 2021 data breach in which hackers reportedly gained entrance to certain devices in Timios’s network and for seven days maintained “unfettered access” to the data stored therein, including customers’ names and dates of birth; Social Security, driver’s license, state-issued ID, passport, tax identification, military identification and financial account numbers; and payment card details.

The case claims the breach was a direct result of the defendant’s failure to implement reasonable safeguards to protect consumers’ sensitive information, comply with industry-standard data security practices, properly train employees on cybersecurity measures, detect unauthorized access to its systems and timely notify those whose information was compromised.

“As a large and successful company, Defendant had the resources to invest in the necessary data security and protection measures,” the complaint attests. “Yet, Defendant failed to exercise reasonable care in the hiring and/or supervision of its employees and agents and failed to undertake adequate analyses and testing of its own systems, adequate personnel training, and other data security measures to avoid the failures that resulted in the Data Breach.”

The lawsuit alleges Timios, a title and escrow service company that offers real estate transaction services, collects and stores a “massive amount” of personally identifiable customer information in the course of doing business, and represents in its privacy policy that it will maintain adequate safeguards to protect the data.

Nevertheless, unauthorized actors were able to gain access to the Timios network between July 19 and 25, 2021, the suit says. Had the defendant implemented and maintained reasonable data security protocols and procedures and complied with standard industry practices, the breach could have been prevented, the complaint contends.

Moreover, Timios compounded the damage to consumers whose information was compromised in the incident by waiting until October to notify them, the case says. The suit argues that there is “no excuse” for failing to provide timely notice to victims of a data breach.

The case claims that those affected in the Timios data breach now face “a real and imminent substantial risk of identity theft and other problems” associated with the unauthorized disclosure of their Social Security numbers and other personal information.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.