Toshiba hit with cyber breach suit
September 6, 2024
Plaintiff alleges negligence over exposed data after months-long cyberattack, impacting thousands.
Toshiba America Business Solutions, Inc. is facing a major class action lawsuit after a prolonged cyberattack compromised the personal information of more than 4,200 individuals. The breach, between December 2023 and March 2024, exposed sensitive data, including names and Social Security numbers, placing those affected at significant risk of identity theft.
The lawsuit, filed by former employee Kyle McDaniel in the United States District Court for the Central District of California, alleges that Toshiba failed to implement reasonable security measures, allowing cybercriminals to infiltrate its systems for over three months before the breach was detected. McDaniel’s complaint accuses the company of negligence, breach of implied contract, and unjust enrichment, among other legal violations.
Toshiba, a subsidiary of the Japanese conglomerate Toshiba TEC, acknowledged the breach in May 2024 but only began notifying affected individuals later that month. Some notifications were delayed until late July 2024, leaving those impacted unaware of their compromised information for months. The delayed response is a key point in McDaniel’s complaint, which argues that Toshiba’s failure to detect and report the breach swiftly heightened the risk for those affected.
The plaintiff claims that Toshiba did not adhere to industry-standard data security practices, leaving its systems vulnerable to attack. He alleges that the company ignored known risks despite storing highly sensitive information, including Social Security numbers, which have a high value on the black market. The lawsuit also criticises Toshiba’s offer of 24 months of credit monitoring services, describing it as insufficient given the long-term risks associated with identity theft.
McDaniel is seeking compensatory and punitive damages, as well as injunctive relief, to require Toshiba to improve its cybersecurity practices. The lawsuit also calls for Toshiba to implement stronger encryption protocols and more rigorous monitoring systems to prevent similar breaches in the future.
Toshiba now joins a long list of corporations facing legal scrutiny for failing to safeguard their data against sophisticated cyberattacks. At a time when consumer trust is heavily dependent on data protection, the lawsuit against Toshiba underscores the critical importance of maintaining robust security measures.
Categories : Around the Industry
