ACTS Retirement Services, Inc. (ACTS), a non-profit corporation that manages retirement communities, suffered a data breach in April 2022, which led to unauthorized access to thousands of current and former employees’ personal information. Specifically, names, Social Security numbers, and financial information were effected. As a result of this incident, ACTS now faces a data breach class action suit in which the plaintiffs allege that ACTS failed to implement adequate security systems to protect employee information, which led to the access of their information by cyber criminals. The complaint alleges that the incident will lead to a heightened risk of identity theft and fraud for all affected individuals. Furthermore, the complaint alleges that the credit monitoring and identity theft protection services offered were insufficient to protect the proposed class members.

The lead plaintiff in the action claims that ACTS retains employees’ information for years and “even decades” after they stop working at the business.

This class action may act as a reminder to reassess the data your own company collects, how it is stored, maintained and protected, and to determine your business need and any legal requirements around retention of those data so that you can destroy or delete any data that you no longer need or are required to retain. To view the class action complaint, click here.