Artech Information Systems settled a data breach class action this week for an incident that occurred in January 2020. Artech will pay up to $10,000 to each individual affected by the breach, based on a tiered payment system.
Artech, a staffing company specializing in placement for IT staff and project services, was the victim of a ransomware attack in January 2020 that resulted in unauthorized access to confidential information concerning about 30,000 current and former employees. During the attack, the hackers opened and downloaded thousands of employee files that contained employees’ names, addresses, telephone numbers, Social Security numbers, and dates of birth. The unauthorized access occurred over a three-day period, but upon discovery, Artech was able to mitigate the attack within six hours . However, Artech did not notify its employees of the incident until several months after resolving the breach.
The class alleged that Artech failed to protect their personal information through reasonable cyber security measures and failed to make prompt notification to its employees. The class further alleged that Artech’s failures increased their risk for identity theft and fraud.
Under the terms of the class action settlement, all class members are eligible for three years of credit monitoring and identity protection services, and cash compensation is available for class members who suffered fraud as a result of the incident. The cash compensation is structured as tiered payments:
- Tier 1: Up to $80 in payments for lost time at a rate of $26.67 per hour, capped at three hours; available to class members who provide documentation of time spent addressing the breach.
- Tier 2: Up to $10,000 in out-of-pocket losses resulting from the breach; available to class members for losses resulting from identity theft or other fraud enabled by the access to/disclosure of personal information (documentation must be provided).
The exclusion deadline was Jan 7, 2022, and all class members eligible for cash compensation must submit a valid claim by February 26, 2022. Class members will have until May 10, 2022, to submit a request for the free credit monitoring. This settlement is just another reminder for businesses to secure and protect their systems and data, and to check in with their insurance brokers to make sure that cyber incidents and data breach class actions like this are covered.