Wing Financial Facing Class Action Over Months-Long Data Breach Affecting 240K Consumers
Deevers v. Wing Financial Services LLC
Filed: December 12, 2022 ◆§ 4:22-cv-00550-CVE-JFJ
A class action alleges Wing Financial is to blame for a data breach that reportedly occurred from September 2020 through January 2022.
A proposed class action alleges Wing Financial is to blame for a data breach that reportedly occurred from September 2020 through January 2022 and exposed the personal and health information of approximately 240,772 consumers.
The 32-page complaint stresses that Wing Financial, a financial services company owned and operated by tax-preparation group Jackson Hewitt, had an obligation to safeguard consumers’ sensitive data. Instead, the Oklahoma-based company failed to implement and maintain reasonable cybersecurity procedures, allowing an unknown third party to access its servers for nearly a year and a half, the case alleges.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
Per the filing, the compromised data potentially includes customers’ names; addresses; dates of birth; unique biometric information; Social Security numbers; driver’s license numbers or other state identification card numbers; individual tax identification numbers; passport numbers or other government IDs; tax identification numbers; financial account numbers with access codes; payment card numbers; health insurance policy numbers; and medical treatments/histories.
The suit argues that Wing Financial failed to provide timely, accurate and adequate notice of the cyberattack to affected individuals. According to the case, the breach was discovered by Wing in August 2022, almost two years after the incident is believed to have commenced. Wing Financial did not determine that personally identifiable information had been exposed until November 10 and then waited until December 1 to begin notifying victims, the complaint states.
According to the case, Wing Financial has violated the Federal Trade Commission Act and the Health Insurance Portability and Accountability Act (HIPAA) by failing to comply with applicable industry standards to protect consumers’ confidential personal and health information.
To make matters worse, the FBI in August 2014 explicitly warned companies like Wing Financial that cybercriminals notoriously target systems that store protected healthcare information and personally identifiable information, the suit says.
“Plaintiff and other Class Members now face an increased risk of identity theft, particularly due to the dissemination of their Social Security Number, and will consequentially have to spend, and will continue to spend, significant time and money to protect themselves due to Defendant’s Data Breach,” the filing reads.
The lawsuit looks to represent anyone in the United States whose personally identifiable information was compromised in the data breach as disclosed by Wing Financial on or around December 1, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.