DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Planet Fitness accuses former employee of stealing personnel data

Posted on August 18, 2015 by Dissent

Scott Dolan reports:

The parent company of the popular Planet Fitness gym chain Monday fired a Maine man who worked as its payroll manager, accusing him of stealing “highly sensitive personal and financial information” about its employees.

Planet Fitness, based in Newington, New Hampshire, made the accusations public in a lawsuit filed against the fired employee, Jason Cole of Lebanon, in U.S. District Court in Portland, seeking to stop him from doing anything malicious with the information.

[…]

The lawsuit accuses Cole of threatening to use insider company information that he received inadvertently to interfere with the company’s IPO and charges him with three counts – breach of contract, converting the company’s personal and financial payroll information for his personal use, and of computer fraud.

Read more on Portland Press Herald.

I’ve uploaded the complaint here because it was not clear to me whether the employer had any hard evidence that Cole had actually misused access to the protected computer(s). From reading the complaint, it sounds like they may have some evidence that he improperly shared confidential information with another employee with whom he allegedly has a romantic relationship and/or resides with, but I don’t see any statement in the complaint that the employer checked access logs to the ADP payroll system and found any evidence that Cole had misused his access to download personnel information. It appears that they were just afraid that he might do that once they terminated him. Why they didn’t just lock him out of the payroll system by changing the password is not explained. The complaint states, in relevant part:

Based on Cole’s admissions and conduct at the July 30 meeting, there was immediate concern that Cole had downloaded other confidential information to which he had access, such as ADP records, to his personal computer. These reports could contain personally identifiable information about approximately 900 Planet Fitness employees, including the executive team.

Okay, so they were concerned. Then what did the logs show? They checked them, right? And why not immediately terminate his access to the system?

There’s a lot in this complaint that doesn’t make sense to me. Maybe it will make sense to you. I do understand, though, why they are seeking court approval to obtain their former employees’ personal computers to determine if any proprietary information is on them.

Update: In November, they dropped the lawsuit and paid him some money.


Related:

  • Two more entities have folded after ransomware attacks
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies
Category: Business SectorInsiderU.S.

Post navigation

← Hacker claims Madhya Pradesh varsity’s results can be altered
Chinese Rights Websites Hit by Suspected Hacker Attack, Great Firewall Blockade →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app
  • Au: Qantas hackers gave airline 72-hour deadline
  • Honeywell vulnerability exposes building systems to cyber attacks
  • Recent public service announcements of note — parents should take special note of these
  • Au: Junior doctor faces fresh toilet spying charges as probe widens to other major hospitals
  • Average Brit hit by five data breaches since 2004
  • BlackSuit ransomware site seized as part of Operation Checkmate
  • The day after XSS.is forum was seized, it struggles to come back online — but is it really them?
  • U.S. nuclear and health agencies hit in Microsoft SharePoint breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report