Artech Information Systems settled a data breach class action this week for an incident that occurred in January 2020. Artech will pay up to $10,000 to each individual affected by the breach, based on a tiered payment system.

Artech, a staffing company specializing in placement for IT staff and project services, was the victim of a ransomware attack in January 2020 that resulted in unauthorized access to confidential information concerning about 30,000 current and former employees. During the attack, the hackers opened and downloaded thousands of employee files that contained employees’ names, addresses, telephone numbers, Social Security numbers, and dates of birth. The unauthorized access occurred over a three-day period, but upon discovery, Artech was able to mitigate the attack within six hours . However, Artech did not notify its employees of the incident until several months after resolving the breach.

The class alleged that Artech failed to protect their personal information through reasonable cyber security measures and failed to make prompt notification to its employees. The class further alleged that Artech’s failures increased their risk for identity theft and fraud.

Under the terms of the class action settlement, all class members are eligible for three years of credit monitoring and identity protection services, and cash compensation is available for class members who suffered fraud as a result of the incident. The cash compensation is structured as tiered payments:

  • Tier 1: Up to $80 in payments for lost time at a rate of $26.67 per hour, capped at three hours; available to class members who provide documentation of time spent addressing the breach.
  • Tier 2: Up to $10,000 in out-of-pocket losses resulting from the breach; available to class members for losses resulting from identity theft or other fraud enabled by the access to/disclosure of personal information (documentation must be provided).

The exclusion deadline was Jan 7, 2022, and all class members eligible for cash compensation must submit a valid claim by February 26, 2022. Class members will have until May 10, 2022, to submit a request for the free credit monitoring. This settlement is just another reminder for businesses to secure and protect their systems and data, and to check in with their insurance brokers to make sure that cyber incidents and data breach class actions like this are covered.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.