BATON ROUGE, La. – A Louisiana architectural firm is facing a proposed class action lawsuit in federal court for allegedly failing to safeguard sensitive data.
The alleged data breach led to a ransomware attack by criminal hacker group Payouts King.
The proposed class action was filed against Baton Rouge-based Grace Design Studios LLC in U.S. District Court for the Middle District of Louisiana.
Plaintiff Brian Magadan, a California resident, filed the suit on behalf of a proposed nationwide class of customers and employees whose personally identifiable information, or PII, and protected health information, or PHI, was stolen. Magadan is a former Grace Design employee.
Grace Design specializes in architecture, engineering, consulting, planning, and program strategy.
“Upon information and belief, Defendant failed to properly monitor and maintain adequate data security practices with regard to the computer network and systems that housed the Private Information,” the 40-page filing states. “Had Defendant properly monitored its networks, it would have discovered the Breach sooner.
“Plaintiff’s and Class Members’ identities are now at risk because of Defendant’s negligent conduct as the Private Information that Defendant collected and maintained is now in the hands of data thieves and other unauthorized third parties.”
Magadan argues in his filing that there “has been no assurance offered” by Grace Design that all personal data or copies of data have been recovered or destroyed, or that it has “adequately enhanced” its data security practices to avoid a similar breach in the future.
“Therefore, Plaintiff and Class Members have suffered and are at an imminent, immediate, and continuing increased risk of suffering, ascertainable losses in the form of harm from identity theft and other fraudulent misuse of their Private Information, the loss of the benefit of their bargain, and potential out-of-pocket expenses to remedy or mitigate the effects of the Data Breach,” the complaint states.
According to the filing, Payouts King gained unauthorized access to Grace Design’s network on April 10.
Magadan contends the breach could have been prevented by “properly encrypting or otherwise protecting its equipment and computer files.”
He argues Grace Design failed to comply with Federal Trade Commission guidelines and industry standards on data security practices.
“Had Defendant remedied the deficiencies in its information storage and security systems, followed industry guidelines, and adopted security measures recommended by experts in the field, it could have prevented intrusion into its information storage and security systems and, ultimately, the theft of Plaintiff’s and Class Members’ confidential Private Information,” the complaint states.
Magadan seeks an order certifying the action; judgment in favor of the proposed class; awards of actual damages, statutory damages, restitution, and disgorgement; injunctive relief; an order instructing the defendant purchase and provide funds for lifetime credit monitoring and identity theft insurance for class members; and an award of pre- and post-judgment interest and attorneys’ fees.
Pendley Baudin & Coffin LLC in Metairie, Louisiana, and New York firm Siri & Glimstad LLP are representing Magadan.
