Timios Facing Class Action Over July 2021 Data Breach
by Erin Shaak
Waters et al. v. Timios, Inc.
Filed: November 4, 2021 ◆§ 2:21-cv-08709
Timios faces a class action that claims the real estate transaction services company failed to protect customers’ personal information from unauthorized access.
Timios, Inc. faces a proposed class action that claims the real estate transaction services company failed to protect customers’ personal information from unauthorized access.
At issue in the 30-page lawsuit is a July 2021 data breach in which hackers reportedly gained entrance to certain devices in Timios’s network and for seven days maintained “unfettered access” to the data stored therein, including customers’ names and dates of birth; Social Security, driver’s license, state-issued ID, passport, tax identification, military identification and financial account numbers; and payment card details.
The case claims the breach was a direct result of the defendant’s failure to implement reasonable safeguards to protect consumers’ sensitive information, comply with industry-standard data security practices, properly train employees on cybersecurity measures, detect unauthorized access to its systems and timely notify those whose information was compromised.
“As a large and successful company, Defendant had the resources to invest in the necessary data security and protection measures,” the complaint attests. “Yet, Defendant failed to exercise reasonable care in the hiring and/or supervision of its employees and agents and failed to undertake adequate analyses and testing of its own systems, adequate personnel training, and other data security measures to avoid the failures that resulted in the Data Breach.”
The lawsuit alleges Timios, a title and escrow service company that offers real estate transaction services, collects and stores a “massive amount” of personally identifiable customer information in the course of doing business, and represents in its privacy policy that it will maintain adequate safeguards to protect the data.
Nevertheless, unauthorized actors were able to gain access to the Timios network between July 19 and 25, 2021, the suit says. Had the defendant implemented and maintained reasonable data security protocols and procedures and complied with standard industry practices, the breach could have been prevented, the complaint contends.
Moreover, Timios compounded the damage to consumers whose information was compromised in the incident by waiting until October to notify them, the case says. The suit argues that there is “no excuse” for failing to provide timely notice to victims of a data breach.
The case claims that those affected in the Timios data breach now face “a real and imminent substantial risk of identity theft and other problems” associated with the unauthorized disclosure of their Social Security numbers and other personal information.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.