Consumers in seven different class actions filed against a collection agency that suffered a data breach have filed a motion to consolidate their lawsuits into one, which would put eight different law firms in charge of representing the plaintiffs.
The collection agency — NCB Management Services — announced the breach last month. More than 500,000 consumers were impacted by the attack. The information that may have been accessed included consumers’ first and last names, addresses, phone numbers, email address, dates of birth, employment information, driver’s license numbers, Social Security numbers, account numbers, credit card numbers, routing numbers, and account balances and statuses. In announcing the breach, the company used language that is traditionally used when a company has been the victim of a ransomware attack.
The complaints filed by consumers who were affected by the breach accuse the agency and the original creditor of negligence, breach of fiduciary duty, unjust enrichment, breach of implied contract, and violation of state law in New York. The agency failed allegedly failed to implement and maintain reasonable and adequate security measures to secure, protect, and safeguard against unauthorized access and disclosure of sensitive Personal Identifying Information (PII), according to the complaint.
The complaints draw the connection that the defendants advertised and marketed their services to consumers as being secure and safe and the breach contradicted those assertions. The defendants knew that criminals targeted PII and that the loss of PII has “grave and lasting consequences” for the victims, so they should have done more to protect the information, according to the complaint.