April Frontier Data Breach Put Customers at 'Significant Risk' of Identity Theft: Suit
Frontier customers are at a “significant risk of identity theft” and other financial harm as a result of an April 13 data breach of the telecom company’s computer systems, alleged a negligence class action Monday (docket 3:24-cv-01418) in U.S. District Court for Northern Texas in Dallas.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Amber Wilson, a Connecticut resident, received a notice dated June 6 saying her personally identifiable information (PII) was compromised in the hacking incident, said the complaint. Information compromised in the breach included customers’ Social Security numbers and birth dates, which Frontier required her and class members to provide in the course of receiving service, it alleged.
Frontier has offered data breach victims “no assurance” that all their PII or copies of data have been recovered or destroyed, or that the defendant has enhanced its data security practices sufficient to avoid a similar breach in the future, alleged the complaint.
As a result, Wilson and class members have suffered and are at imminent, immediate and continued risk of suffering ascertainable losses from identity theft and other fraudulent use of their PII, the loss of the benefit of their bargain, out-of-pocket expenses incurred to mitigate the effects of the breach and the value of their time incurred to mitigate its effects, said the complaint.
Frontier and its employees failed to properly implement security practices surrounding its computer network and systems that housed Wilson and class members’ PII, alleged the complaint. Their identities are now at risk because of Frontier’s “negligent conduct” that allowed the data to fall into the hands of cyberthieves, it said.
Frontier’s privacy policy states that the internet service provider won’t share customers’ private information with third parties, said the complaint. By using and deriving a benefit from customers' PII, Frontier “assumed legal and equitable duties and knew or should have known that it was responsible” for protecting it from “unauthorized disclosure and exfiltration,” the complaint alleged.
The data breach notice letter to customers gave steps they could take to protect their personal information, including “generic" advice to get copies of credit reports, place fraud alerts and security freezes on their credit files and contact the FCC, the complaint said. The defendant offered one year of credit monitoring but “no other substantive steps to help victims,” it said.
Wilson asserts claims for negligence, negligence per se, breach of express and implied contract, intrusion upon seclusion, unjust enrichment and declaratory judgment. The plaintiff seeks for herself and the class actual, statutory costs and damages; equitable relief; restitution and disgorgement; an order requiring Frontier to provide funds for lifetime credit monitoring and identity theft insurance for her and class members; pre- and post-judgment interest; and attorneys’ fees and costs.