Dive Brief:
- A Florida worker filed a class-action lawsuit in the U.S. District Court for the Western District of New York July 11 against Paychex after an April data breach at the payroll services company exposed workers’ names and Social Security numbers, and the company waited a month before beginning to notify affected individuals, according to court documents.
- The plaintiff alleges Paychex’s negligence and inadequate cybersecurity measures allowed the personal information of workers whose employers contract with the company to be compromised. The data breach occurred when Paychex attempted to exchange information with the State of California and instead permitted access to an unauthorized individual, the complaint reads.
- The plaintiff seeks injunctive relief, damages, restitution, costs and attorneys’ fees for the affected class, according to the complaint. Paychex did not respond to several requests for comment.
Dive Insight:
Data breaches involving employee information are a relatively common cause for class-action lawsuits.
In June, former and current Panera employees proposed a class-action lawsuit against the company after a data breach exposed worker information. The suit alleges the company failed to safeguard the personally identifiable information and then waited three months to notify workers of the breach.
Similarly, in February, employees filed a lawsuit against Golden Corral after the company allegedly did not safeguard and secure workers’ personally identifiable information and then waited six months after a data breach to notify those affected. That breach affected more than 180,000 people.
And notably, in 2021, HR vendor UKG was involved in a major data breach that took down customers’ core HR functions for weeks and resulted in millions in dollars in damages for lost wages, benefits and compensation.