Jake Holland reports:
Camera and lens manufacturer Canon U.S.A. Inc. was hit with a proposed class action after a ransomware attack exposed current and former employees’ personal information.
The plaintiffs—residents of Ohio, New York, Florida, and Illinois—allege that the company acted negligently and violated several state trade practices laws by failing to guard against the threat, according to a lawsuit filed Wednesday in the U.S. District Court for the Eastern District of New York.
Read more on Bloomberg Law (sub. req.)
In August, BleepingComputer had reported that Canon had been hit by Maze ransomware, with allegedly 10 TB of data stolen. Canon did not publicly confirm the breach until November, according to subsequent BleepingComputer coverage.
That delay in confirmation was also a delay in notifying employees, according to the lawsuit complaint, which pretty much follows a cookbook formula for these types of suits, with claims that the defendant should have know there was great risk, the defendant failed to take appropriate steps to protect the data, and now the employees will be at increased risk of etc. etc. Looking at the description of the named plaintiffs, not one of them has alleged any actual identify fraud or false charges. What they all claim is that they have received an increased number of scam calls and emails.
Haven’t we ALL experienced that this year?
Will this lawsuit survive a challenge to standing based on speculative harms as opposed to concrete injuries? It’s in Eastern District New York, and we’ll be watching to see.