Last week, a class action was filed against NewsBank, Inc., a Florida-based news database company, related to a 2024 breach of employee personal information.

NewsBank provides a database of archived news publications utilized by libraries, higher education institutions, and other organizations. NewsBank suffered a security incident affecting its employees’ personal information between June and July 2024.

The lead plaintiff claims that, as an employee of NewsBank from January 2023 to November 2024, they were required to provide their personal information (i.e., name, date of birth, Social Security number, and financial account information) as part of their employment.

The lead plaintiff alleges they now face a heightened risk of identity theft due to the breach. The complaint states, “Plaintiff and class members must now and for years into the future closely monitor their medical and financial accounts to guard against identity theft. The risk of identity theft is not speculative or hypothetical but is impending and has materialized as there is evidence that the plaintiff’s and class members’ private information was targeted, accessed, has been misused, and disseminated on the dark web.” The lawsuit alleges claims of negligence, breach of implied contract, and breach of fiduciary duty.

Additionally, the lawsuit alleges that NewsBank failed to follow its policies, including those outlined in its website Privacy Policy, stating that NewsBank had implemented security procedures to protect personal information from unauthorized access, use, and disclosure.

The class seeks over $5 million in damages and injunctive relief, requiring NewsBank to implement enhanced security measures and provide affected individuals with lifetime identity theft protection services. The complaint alleges that “[o]nce private information is exposed, there is virtually no way to ensure that the exposed information has been fully recovered or contained against future misuse [. . . ] For this reason, plaintiff and class members will need to maintain these heightened measures for years, and possibly their entire lives, as a result of defendant’s conduct.”

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Read more about Kathryn Rattigan
Show more Show less