Lincare Holdings Inc. (Lincare), recently entered into a mediated settlement with its employees regarding a data breach that took place on February 3, 2017. On that date, a cyber-criminal posing as a high-level Lincare executive emailed a human resources employee requesting W-2 data for some of its employees. The human resources employee emailed the information to the “executive,” who was actually a hacker, compromising the information. As a result, Lincare notified the current and former employees affected by the incident about the data breach and provided two years of complimentary credit monitoring.

Several of the employees filed suit against Lincare alleging negligence, breach of fiduciary duty, breach of implied contract, and violation of Florida’s Deceptive and Unfair Trade Practices Act. The parties submitted the matter to mediation, resulted in the settlement.

The settlement includes no admission of liability of Lincare. A settlement fund has been established in the amount of $875,000 to reimburse the class members for out-of-pocket expenses (up to $1,000 each) or incidents (up to $500 each), an offer of enhanced credit and identity monitoring and protection services, and non-monetary relief, which includes the adoption and maintenance of enhanced data security measures. The amount awarded to the plaintiffs’ attorneys for fees was not disclosed in the settlement agreement.