Wing Financial Facing Class Action Over Months-Long Data Breach Affecting 240K Consumers
Deevers v. Wing Financial Services LLC
Filed: December 12, 2022 ◆§ 4:22-cv-00550-CVE-JFJ
A class action alleges Wing Financial is to blame for a data breach that reportedly occurred from September 2020 through January 2022.
A proposed class action alleges Wing Financial is to blame for a data breach that reportedly occurred from September 2020 through January 2022 and exposed the personal and health information of approximately 240,772 consumers.
The 32-page complaint stresses that Wing Financial, a financial services company owned and operated by tax-preparation group Jackson Hewitt, had an obligation to safeguard consumers’ sensitive data. Instead, the Oklahoma-based company failed to implement and maintain reasonable cybersecurity procedures, allowing an unknown third party to access its servers for nearly a year and a half, the case alleges.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
Per the filing, the compromised data potentially includes customers’ names; addresses; dates of birth; unique biometric information; Social Security numbers; driver’s license numbers or other state identification card numbers; individual tax identification numbers; passport numbers or other government IDs; tax identification numbers; financial account numbers with access codes; payment card numbers; health insurance policy numbers; and medical treatments/histories.
The suit argues that Wing Financial failed to provide timely, accurate and adequate notice of the cyberattack to affected individuals. According to the case, the breach was discovered by Wing in August 2022, almost two years after the incident is believed to have commenced. Wing Financial did not determine that personally identifiable information had been exposed until November 10 and then waited until December 1 to begin notifying victims, the complaint states.
According to the case, Wing Financial has violated the Federal Trade Commission Act and the Health Insurance Portability and Accountability Act (HIPAA) by failing to comply with applicable industry standards to protect consumers’ confidential personal and health information.
To make matters worse, the FBI in August 2014 explicitly warned companies like Wing Financial that cybercriminals notoriously target systems that store protected healthcare information and personally identifiable information, the suit says.
“Plaintiff and other Class Members now face an increased risk of identity theft, particularly due to the dissemination of their Social Security Number, and will consequentially have to spend, and will continue to spend, significant time and money to protect themselves due to Defendant’s Data Breach,” the filing reads.
The lawsuit looks to represent anyone in the United States whose personally identifiable information was compromised in the data breach as disclosed by Wing Financial on or around December 1, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.