Last week, Mediant Communications Inc. (Mediant) settled a class action lawsuit in the U.S. District Court for the Southern District of New York stemming from a 2019 data breach in which hackers accessed 200,000 individuals’ personal information from its proxy investor communication service. Mediant is based in New York and offers mutual funds and real estate investment trusts along with other financial services. The breach exposed individuals’ names, addresses, e-mail addresses, phone numbers, Social Security numbers, tax identification numbers, and account IDs, among other sensitive information.

Lead plaintiff, Phillip Toretto, sued Mediant, alleging that the hack was caused by Mediant’s poor network security and its failure to encrypt personal information stored and maintained on its systems. Additionally, Toretto claimed that Mediant failed to adequately notify its customers.

Judge Gregory H. Woods first determined in February that Toretto could proceed on his declaratory judgment and negligence claims. However, the court dismissed the claims brought against the publicly-traded company, Donnelly Financial Solutions, through which Mediant provides proxy investor communications services. The details of the settlement are anticipated within the next few weeks.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.