Dell Is Leaving 49M Data Breach Victims to Fend for Themselves, Says Class Action
John Lattimore seeks to hold Dell accountable for the injuries it inflicted on him and millions of similarly situated persons due to its “impermissibly inadequate data security,” alleged his class action Friday (docket 1:24-cv-00499) in U.S. District Court for Western Texas in Austin.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Dell’s negligence caused the personal information of 49 million customers to be "exfiltrated" by cuber criminals in a data breach it notified customers about Thursday, said the complaint. The data that Dell collected from customers and exposed to the hackers were “highly sensitive,” it said. It included names, physical addresses and Dell hardware and order information, including service tags, item descriptions, order dates and related warranty information, it said.
Dell maintained its customers’ sensitive data “in a negligent and/or reckless manner,” said the complaint. Dell “inadequately maintained” its network, platform and software, “rendering these easy prey for cybercriminals,” it said. The risk of the data breach was known to Dell, so it was “on notice that its inadequate data security created a heightened risk of exfiltration, compromise, and theft,” it said.
After the data breach, Dell failed to provide timely notice to the affected victims, “thereby exacerbating their injuries,” said the complaint. Dell ultimately deprived plaintiff Lattimore of Cayuga County, New York, and class members of the chance “to take speedy measures to protect themselves and mitigate harm,” it said. “Simply put,” Dell impermissibly left Lattimore and the class members “in the dark, thereby causing their injuries to fester and the damage to spread,” it said.
The identities of Lattimore and the class members are in jeopardy, all because of Dell’s negligence, said the complaint. They now suffer “from a present and continuing risk of fraud and identity theft and must now constantly monitor their financial accounts,” it said. The remedies that the complaint seeks include compensatory and punitive damages and reimbursement of out-of-pocket costs.
“In sum,” Dell largely put the burden on Lattimore and the class members “to take measures to protect themselves,” said the complaint. Dell has offered no measures to protect the victims “from the lifetime risks they each now face,” it said. As “another element of damages,” Lattimore and the class members “seek a sum of money sufficient” to provide them with identity theft protection services for 10 years, it said. Dell didn't immediately comment.