Quaker Faces Class-Action Lawsuit Over Data BreachJanuary 29th, 2024 by Editor
After an unauthorized user accessed files on Quaker Window Products’ computer network, one of the company’s former employees has filed a class action complaint against the company. According to a Notice of Data Security Incident filed by the company with Maine’s attorney general, the potentially affected information varied by individual but may include names, addresses and Social Security numbers. A data breach notification posted to the attorney general’s website says around 11,000 individuals were affected by the event, which occurred Nov. 25, 2023. According to the notice, the company immediately initiated an investigation.
Following the data breach, a class action complaint was filed January 18, 2024, in the U.S. District Court for the Western District of Missouri, Central Division, by Kylie Noakes, one of the company’s former employees. According to the complaint, Quaker immediately “engaged cybersecurity experts to assist with the process.” By December 22, 2023, the company had identified those whose data had been compromised and “took steps to obtain addresses for those individuals whose information was involved,” including contacting them by letter starting on December 29, legal documents say.
“Quaker takes data security seriously. Upon learning of the network security incident, Quaker acted promptly to minimize any disruption to our operations, while investigating and mitigating the effects of the incident,” Bill Sifflard, Quaker’s chief marketing officer, told [DWM]. “During the investigation, Quaker took prompt action to notify anyone who was potentially affected by the incident and offered them free access to credit monitoring and identity protection services out of abundance of caution. Due to pending class action litigation, Quaker has no further comment to provide at this time.”
Noakes accuses the company of failing “to properly secure and safeguard plaintiff’s and other similarly situated employees’ and customers’ sensitive information.” Specifically, the complaint alleges Quaker “failed to adequately protect plaintiff’s and class members [personally identifiable information (PII)]––and failed to even encrypt or redact this highly sensitive information.” She alleges that because of the data breach, she and “all others similarly situated” have suffered an “invasion of privacy; theft of PII; lost or diminished value of PII; lost time and opportunity costs associated with attempting to mitigate the actual consequences of the data breach; loss of benefit of the bargain; lost opportunity costs associated with attempting to mitigate the actual consequences of the data breach; and the continued and certainly increased risk to their PII.”
Her representation also alleges that the information that was initially compromised “remains unencrypted and available for unauthorized third parties to access and abuse” and “remains backed up in [Quaker]’s possession and is subject to further unauthorized disclosures so long as [Quaker] fails to undertake appropriate and adequate measures to protect the PII” as outlined by the Federal Trade Commission.
Ultimately, the lawsuit alleges negligence, negligence per se, breach of implied contract, and unjust enrichment. At this early stage of the lawsuit, the complaint is asking for six things:
Going forward, Noakes and her representation are asking for a jury trial to settle the matter.