Plaintiff Seeks 10 Years' of Credit Monitoring for Class in PharMerica Data Breach Suit
A March data breach at PharMerica led to “concrete injuries” for some 5.8 million customers, alleges a Tuesday privacy class action (docket 3:23-cv-00353) against the pharmacy services company in U.S. District Court for Western Kentucky in Louisville. Plaintiff Frank Raney…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
of Port Bolivar, Texas, alleges the data breach at PharMerica resulted in his personally identifiable information (PII) being disseminated on the dark web; an increase in spam calls, texts and emails; lost or diminished value of his PII; lost opportunity costs and time from attempting to mitigate consequences of the breach; invasion of privacy; loss of benefit of bargain; and continued risk to his PII, which “remains unencrypted and available for unauthorized third parties to access and abuse.” Raney’s PII “remains backed up” in PharMerica’s possession and is subject to further unauthorized disclosures as long as the company fails to undertake appropriate and adequate measures to protect it, alleges the complaint. An undated and untitled notification letter is listed on the Maine attorney general’s website with May 12 and June 8 consumer notification dates. The letter informs unspecified recipients that their PII “may have been obtained” from their systems due to “suspicious activity” on PharMerica’s computer network. On March 21, the company determined that the data contained “your name, address, date of birth, Social Security number, medications and health insurance information.” PharMerica’s offer of 12 months of identity monitoring services “is wholly inadequate” to compensate Raney and class members who face “multiple years of ongoing identity theft, medical and financial fraud” as a result of the breach, said the complaint. The lawsuit claims negligence, breach of implied contract and fiduciary duty, and unjust enrichment. Plaintiff seeks an order enjoining PharMerica from engaging in wrongful conduct. He also seeks equitable relief requiring the company to use appropriate methods for data collection, encryption and safety; to establish a data protection program; restitution and disgorgement of revenue wrongfully gained; 10 years of credit monitoring services for plaintiffs and the class; awards of actual, compensatory, statutory and punitive damages; and attorneys’ fees and costs.