What is timely notification after a breach?
Accounting firm Bansley & Kiener agreed to a $900k settlement to resolve a class action after a breach.
The accounting firm was breached in December 2020 but did not tell people about it.
In May 2021 they discovered that information had been stolen.
Side note: why did it take them six months to figure out that data had been stolen? Is six months a reasonable time to figure that out? I doubt that courts are going to consider that reasonable – just me here.
The firm provides compliance services for clients in the area of payroll, health, pension and other benefit plans.
Side note: assuming you outsource this compliance activity like a lot of companies do, what does your vendor have to tell you, and by when, if they are hacked? If it is not in the contract, in writing, it doesn’t exist, because they may decide, like this company, "well, we don’t know for sure that information was taken" and choose not to tell you.
Then the firm waited another six months before telling anyone about the breach.
That means that they waited a full year to disclose the breach.
Not surprisingly, they were hit with a class action lawsuit due to unreasonable delay in notification.
While this is not a large settlement, it does point to the fact that the courts are becoming less understanding of delays in notification as time goes on.
Can you notify people who would be affected by a breach at one of your vendors in a timely manner, or are you sitting on a class action waiting to happen? Need help – contact us.
Credit: Top Class Actions