DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Planet Fitness accuses former employee of stealing personnel data

Posted on August 18, 2015 by Dissent

Scott Dolan reports:

The parent company of the popular Planet Fitness gym chain Monday fired a Maine man who worked as its payroll manager, accusing him of stealing “highly sensitive personal and financial information” about its employees.

Planet Fitness, based in Newington, New Hampshire, made the accusations public in a lawsuit filed against the fired employee, Jason Cole of Lebanon, in U.S. District Court in Portland, seeking to stop him from doing anything malicious with the information.

[…]

The lawsuit accuses Cole of threatening to use insider company information that he received inadvertently to interfere with the company’s IPO and charges him with three counts – breach of contract, converting the company’s personal and financial payroll information for his personal use, and of computer fraud.

Read more on Portland Press Herald.

I’ve uploaded the complaint here because it was not clear to me whether the employer had any hard evidence that Cole had actually misused access to the protected computer(s). From reading the complaint, it sounds like they may have some evidence that he improperly shared confidential information with another employee with whom he allegedly has a romantic relationship and/or resides with, but I don’t see any statement in the complaint that the employer checked access logs to the ADP payroll system and found any evidence that Cole had misused his access to download personnel information. It appears that they were just afraid that he might do that once they terminated him. Why they didn’t just lock him out of the payroll system by changing the password is not explained. The complaint states, in relevant part:

Based on Cole’s admissions and conduct at the July 30 meeting, there was immediate concern that Cole had downloaded other confidential information to which he had access, such as ADP records, to his personal computer. These reports could contain personally identifiable information about approximately 900 Planet Fitness employees, including the executive team.

Okay, so they were concerned. Then what did the logs show? They checked them, right? And why not immediately terminate his access to the system?

There’s a lot in this complaint that doesn’t make sense to me. Maybe it will make sense to you. I do understand, though, why they are seeking court approval to obtain their former employees’ personal computers to determine if any proprietary information is on them.

Update: In November, they dropped the lawsuit and paid him some money.

No related posts.

Category: Business SectorInsiderU.S.

Post navigation

← Hacker claims Madhya Pradesh varsity’s results can be altered
Chinese Rights Websites Hit by Suspected Hacker Attack, Great Firewall Blockade →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.