Paradies Shops has agreed to a $6.9 million settlement after a ransomware attack exposed sensitive employee data and triggered a class-action lawsuit.
Paradies Shops, an airport retailer, has agreed to a $6.9 million settlement to resolve a class-action lawsuit stemming from a 2020 ransomware attack that compromised the personal data of thousands of employees. A federal judge in Georgia granted preliminary approval this week, marking a step toward finalizing the agreement between the company and the plaintiffs.
The breach reportedly exposed the names, Social Security numbers, and other sensitive details of more than 76,000 current and former Paradies employees.
According to the complaint, cybercriminals gained access to the company’s administrative systems during a five-day window in October 2020. The REvil ransomware group later claimed responsibility for the attack. Paradies, which operates over 1,000 airport-based stores, restaurants, and bars across the U.S. and Canada, waited eight months before notifying affected individuals and relevant state authorities.
The lawsuit alleged that Paradies failed to adequately secure employee data and further harmed victims by delaying disclosure. Plaintiffs also claimed the company deliberately withheld information about the vulnerabilities that enabled the attack.
Paradies denied the allegations but agreed to the settlement to avoid a drawn-out and costly legal process.
In court documents, Paradies stated that the decision to settle was not an admission of wrongdoing but a practical resolution: “Paradies has concluded that further conduct of the Litigation would be protracted and expensive.”
The plaintiffs argued that the company’s delay in informing victims and lack of transparency worsened the impact of the breach.
Paradies Shops didn’t just suffer a ransomware attack, it waited eight months to tell the people whose data was stolen. That delay turned a cybersecurity failure into a reputational one. The $6.9 million settlement isn’t just about the breach; it’s about the cost of staying silent when your employees are left in the dark.
Current and former employees of Paradies Shops whose data was compromised in the 2020 breach may be eligible, depending on the court-approved settlement terms.
Compensation may include monetary payments for documented losses, credit monitoring services, and reimbursement for identity theft-related expenses.
A final approval hearing will be scheduled by the court following the preliminary approval. Exact dates will be included in official settlement notices sent to eligible individuals.
Claimants will need to submit forms via the official settlement website or by mail, once the settlement administrator provides instructions.
They should immediately contact credit bureaus, consider placing fraud alerts, and consult the settlement website for free credit monitoring and support services.