On July 26, 2022, Laborers International Union of North America Local 1098 (“LIUNA Local 1098,” “LIUNA 1098”) reported a data breach stemming from an incident involving unauthorized access to an employee email account. According to the LIUNA 1098, the breach resulted in the names, Social Security numbers, driver's license numbers, state ID numbers, and financial account information of 23,746 people being compromised. After confirming the breach and identifying all affected parties, LIUNA Local 1098 began sending out data breach letters to those impacted by the incident.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the LIUNA Local 1098 data breach, please see our recent piece on the topic here.
What We Know About the LIUNA Local 1098 Data Breach
The information about the Laborers International Union of North America Local 1098 data breach comes from the organization’s official filings with various state government agencies as well as a “Notice of Data Incident” page displayed on its website. Evidently, on April 27, 2022, LIUNA Local 1098 detected suspicious activity within an employee’s email account. In response, the organization began working with third-party cybersecurity specialists in hopes of learning more about the nature and scope of the incident.
LIUNA 1098’s investigation confirmed that an unauthorized party was able to gain access to the employee’s email account starting on February 27, 2022, up through April 27, 2022.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, LIUNA Local 1098 began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. While the breached information varies depending on the individual, it may include your name, Social Security number, driver's license number, state ID number, and financial account information. LIUNA 1098 estimates that the recent breach impacted information belonging to 23,746 individuals.
On July 26, 2022, LIUNA Local 1098 sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Laborers International Union of North America Local 1098
Laborers International Union of North America Local 1098 is a labor union based in Saginaw, Michigan. The organization represents the interests of those who work in the construction industry in and around Saginaw. LIUNA Local 1098 is an affiliate of the Laborers' International Union of North America, which more broadly serves energy and construction workers. However, LIUNA also represents over 70,000 public employees. In total, LIUNA has more than 500,000 members throughout the United States and Canada.
Can Workers Hold a Labor Union Responsible for a Data Breach Affecting Their Sensitive Information?
Yes, U.S. data breach laws impose a similar obligation on all organizations, including non-profits, educational institutions, government entities and labor unions, when it comes to protecting consumer data. So, depending on the circumstances surrounding the breach, a labor union may be financially responsible to its members for a data breach.
However, labor unions are not automatically liable for a data breach; it is only when the breach was the result of the union’s negligence that it can be held liable. Additionally, data breach victims must prove that the organization’s failures were the cause of their harms. In other words, members must be able to establish a connection between the organization’s negligence and the member’s injuries, which are usually related to identity theft or other frauds.
To successfully hold an organization financially responsible for a data breach, a member must establish each of the following elements:
The union owed the member a duty of care;
The union breached the duty it owed to the member;
The union’s negligence contributed to the breach, and
The member suffered legally recognizable damages as a result of the union’s negligence.
Notably, when it comes to legal standing to pursue a data breach claim, courts have held that victims of a data breach do not necessarily need to have fallen victim to identity theft to pursue a claim. These courts have determined that the increased risk of future identity theft is sufficient to give the victim the legal ability to bring a case against an organization.