A Florida worker filed a class-action lawsuit against Paychex, seeking damages and other relief for individuals impacted by a data breach.
A class-action lawsuit was filed against Paychex, a payroll service provider, by a Florida worker. The case was filed in the U.S. District Court for the Western District of New York on July 11, following a data breach in April that exposed workers’ names and Social Security numbers.
The plaintiff claims that Paychex's negligence and inadequate cybersecurity measures allowed the breach. The breach occurred during an information exchange attempt with the State of California that mistakenly granted access to an unauthorized individual.
The lawsuit seeks injunctive relief, damages, restitution, and coverage of legal costs for the affected individuals. Paychex has not commented on the matter.
A notice of data breach was released by Paychex in July, providing the next steps for impacting individuals.
The class action lawsuit, however, alleges that Paycheck took inadequate cybersecurity measures that allowed a breach to occur. The plaintiff seeks injunctive relief, compensation for losses, and legal fee coverage.
See also: HIPAA Compliant Email: The Definitive Guide
In a court document, the plaintiff notes that the data breach on Paychex “differs from typical data breaches because it affects consumers who had no relationship with Paychex, never sought one, and never consented to Paychex collecting and storing their information.”
The court document reveals that the data breach “resulted in the unauthorized disclosure, exfiltration, and theft of consumers’ highly personal information, including names and Social Security numbers.”
The lawsuit highlights broader issues of data security and privacy. Data breaches can lead to identity theft, financial loss, and other serious consequences for individuals. The case also emphasizes the importance of companies implementing strong cybersecurity measures to protect personal information.
Cases like these can set a legal precedent, potentially influencing future cases and corporate policies regarding data protection and breach notifications. It raises awareness about the responsibility of companies to safeguard sensitive information and the potential legal and financial repercussions of failing to do so.
A data breach can occur through various means, such as hacking, phishing, insider threats, or accidental exposures. In the Paychex case, it happened during an information exchange with a government entity.
Companies are legally required to protect personal information and notify affected individuals promptly in the event of a data breach. The specific obligations can vary by jurisdiction and the type of data involved.
See also: How to respond to a data breach
Data breaches can erode trust between employers and payroll service providers, as employers rely on these services to securely handle sensitive employee information. Restoring trust may require enhanced security measures and transparent communication.