ST. LOUIS — Five proposed class action lawsuits have been filed claiming Hogan Transports failed to adequately protect sensitive employee information during a cybersecurity breach that allegedly exposed personal data belonging to current and former employees.
The lawsuits, filed between May 13 and May 19 in U.S. District Court for the Eastern District of Missouri, were brought by former employees from several states, including Texas, Ohio, Indiana and Missouri.
The plaintiffs allege that Blue Enterprises LLC, doing business as Hogan Transports Inc., failed to implement adequate cybersecurity safeguards, allowing unauthorized actors to access company systems between Oct. 25 and Nov. 29, 2025.
According to the complaints, Hogan discovered “unusual activity” on certain systems around Nov. 29, 2025, and later determined that unauthorized individuals had accessed or copied files containing employee information.
Plaintiffs allege the compromised data may have included names, Social Security numbers, driver’s license or state identification numbers and passport numbers.
The complaints state that Hogan completed a review of affected files on March 31, and began notifying affected individuals on May 8.
Several lawsuits allege the company waited approximately 195 days after the breach began before notifying employees, depriving them of an opportunity to mitigate potential harm sooner.
Among the plaintiffs are Raymond Olivas Jr. of Odessa, Texas; Jerimiah Roth of Dayton, Ohio; Christopher Fulfs of St. Charles, Mo.; Aaron Grimes of Indianapolis, Ind.; and Derek Moore of Elwood, Ind.
The lawsuits seek to represent nationwide classes of similarly situated individuals whose personal information was allegedly compromised in the breach.
The plaintiffs allege Hogan failed to maintain reasonable cybersecurity protocols, failed to adequately train employees on cybersecurity practices and failed to implement safeguards necessary to prevent unauthorized access to sensitive information.
Several complaints assert that the company had promised in its privacy policy that employee information would be stored on secure servers behind firewalls and protected from unauthorized disclosure.
Court filings also allege the company cannot fully determine what information was taken or precisely when specific files were accessed.
The plaintiffs claim Hogan’s offer of complimentary monitoring and identity-related services is insufficient to compensate affected individuals for the alleged risks and injuries stemming from the breach.
The lawsuits describe a range of alleged harms suffered by plaintiffs, including time spent monitoring financial accounts, fear of identity theft, anxiety, stress and concerns over the future misuse of personal information.
The complaints also allege that the plaintiffs face an ongoing risk of fraud and identity theft because the exposed information may have been published or sold online.
One complaint filed by Roth alleges Hogan had statutory, contractual and common-law obligations to safeguard private information and failed to take precautions designed to secure sensitive data.
That suit further alleges the company failed to timely notify affected individuals and failed to employ reasonable security measures despite the known risks of cyberattacks targeting personal information.
The complaints seek damages, restitution, injunctive relief and improvements to Hogan’s data security practices.
Claims asserted across the lawsuits include negligence, breach of implied contract, unjust enrichment and violations related to the protection of personal information.
U.S. District Court for the Eastern District of Missouri case numbers: 4:26-cv-00738, 4:26-cv-00744, 4:26-cv-00755, 4:26-cv-00760, 4:26-cv-00790
