Perkins & Co. Announces Data Breach Related to Incident at Cloud-Hosting Company Netgain

Console and Associates, P.C.

Recently, Perkins & Co. (“Perkins”) confirmed a data breach stemming from a data security incident at a third-party company Perkins used to store data on the cloud. According to Perkins, the breach resulted in the following data being compromised: names, Social Security numbers and financial account numbers. Perkins believes that the recent data breach affected a shocking 354,647 people. On May 27, 2022, Perkins filed official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Perkins & Co. data breach, please see our recent piece on the topic here.

What Caused the Perkins & Co. Data Breach

The information pertaining to the Perkins data breach comes primarily from various letters the company filed with state regulatory agencies following the incident. Evidently, on around December 3, 2020, Netgain Technologies (“Netgain”), a vendor Perkins uses for hosting its data in the cloud, informed Perkins that Netgain had recently suffered a ransomware attack.

After Perkins learned of the ransomware attack at Netgain, the two companies were in frequent communication about the incident. On January 15, 2022, Netgain relayed the following to Perkins management: between the dates of November 8, 2020, and December 3, 2020, an unauthorized party accessed those Netgain servers containing Perkins’ data. The unauthorized party also copied and stole some of the files on the server. The unauthorized party also encrypted the files and demanded Netgain pay a ransom in exchange for the return of stolen files. Netgain paid the ransom, and the unauthorized party returned the files they had stolen and provided Netgain with a decryption key.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Perkins & Co. then conducted its own investigation into the incident to determine whether any of the consumer data in the company’s possession was compromised. While the breached information varies depending on the individual, it may include your name, Social Security number and bank account number.

On May 27, 2022, Perkins & Co. sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Perkins & Co.

Perkins & Co. is an accounting firm based in Portland, Oregon. Perkins provides a wide range of services to individual and organizational clients, including business advisory services, tax services, legacy planning, litigation support, employee benefit plan audits and more. Perkins & Co. employs more than 156 people and generates approximately $29 million in annual revenue.

Who Is Responsible for a Data Breach?

Following a data breach, victims often wonder who can be held accountable for the leaking of their information. Under United States data breach laws, all organizations in possession of consumer data have an obligation to safeguard the information in their possession. This includes those organizations that directly receive consumers’ information as well as third-party companies that receive the data through an intermediary.

In the case of the Perkins data breach, there is no indication that Perkins was negligent in maintaining its own data security systems. However, depending on what evidence comes out in the future, there is a possibility that Perkins negligently entrusts consumer data to Netgain. For example, this may be the case if Perkins had reason to believe that Netgain’s servers were not secure or that the company had a history of mishandling consumer data.

Of course, Netgain could also potentially be liable for the breach. Organizations and their data security systems are the first line of defense against cyberattacks. Those businesses that choose not to maintain robust data security systems do so at great risk to consumers' privacy, as hackers routinely target those companies known to have inadequate protections in place.

The bottom line is that data breach laws provide a mechanism for the victims of a data breach to pursue a claim for compensation against the company accountable for the breach. However, determining which company bears responsibility requires an in-depth knowledge of complex data breach laws. Those looking for answers in the wake of the Perkins data breach should consult with an experienced data breach lawyer to learn more about their rights.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.