Recently, DiversiTech Corporation confirmed that the company experienced a data breach apparently related to unauthorized access to a company email account. According to DiversiTech, the breach resulted in the names and Social Security numbers of certain consumers being compromised. On June 10, 2022, DiversiTech filed official notice of the breach and sent out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the DiversiTech Corp. data breach, please see our recent piece on the topic here.
What We Know About the DiversiTech Corp. Data Breach
At this point, very little is known about the DiversiTech breach, as the company only recently reported the incident. However, according to the company’s most recent filings, the breach involved an incident with the company’s IT servers, resulting in various data types being exposed. While there may be others, the company notes that the names and Social Security numbers were among the compromised data types.
On June 14, 2022, DiversiTech Corp. filed official notice of the breach with various government entities and began sending out data breach letters to all individuals whose information was compromised as a result of the recent incident.
DiversiTech Corporation is a manufacturing company based in Duluth, Georgia. DiversiTech specializes in creating component parts for air conditioning units. The company also manufactures a range of infection-control and personal protective equipment. DiversiTech operates several other companies as subsidiaries, including Morris Products, Inc., Pump House, and Alltemp Product Company, Ltd. DiversiTech Corp. employs more than 529 people and generates approximately $250 million in annual revenue.
Can Consumers Pursue a Data Breach Lawsuit Against a Company Who Leaks Their Data?
Yes, under the United States data breach laws, victims of a data breach may be able to pursue a class action data breach lawsuit against a company that leaked their information if they can prove that the company was negligent in how it maintained or stored their information. Because data breaches often affect hundreds—and sometimes thousands—of people, these lawsuits are often filed as class action lawsuits.
A class action lawsuit is a case filed by a group of individuals, all of whom suffered similar harms that were allegedly caused by the same party. However, before a class action lawsuit is able to proceed to trial, the court must “certify” the class. This is a complex process that involves the court reviewing all of the aggrieved parties’ claims and damages to determine if they are sufficiently similar to justify a class action.
The vast majority of data breach class action lawsuits are based on the legal theory of negligence. Companies may be negligent in a few different ways when it comes to protecting the security of consumer data. For example, below are a few examples of situations that may show a company’s negligence:
-
A company fails to employ a useful data security system or uses an outdated system;
-
A company inadvertently sends consumer information to an unauthorized party;
-
An employee fails to follow company procedures when dealing with consumer data;
-
An employee responds to a phishing attack, either by clicking on a link or providing sensitive information to an unauthorized party.
Importantly, just because a breach occurred does not necessarily mean that the company was negligent. It is possible that, despite a company taking all reasonable precautions, a hacker is still able to bypass their security system. However, a data breach is certainly an indication that something went wrong and warrants further investigation.
Those consumers whose information was leaked in a data breach can learn more about their rights by reaching out to a data breach and consumer privacy lawyer.
