Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
A South Bend steel processor is facing a lawsuit from former employees who claim a cyber gang infiltrated the company’s computer systems and stole the personally identifiable information of customers and workers.
Tim O’Toole and James Miller, former employees of Steel Warehouse Company, a family-owned steel processor and service center based in South Bend, claim the company consistently failed to have proper cybersecurity protections, leading to a recent breach of the plaintiffs’ personally identifiable information, including names, Social Security numbers and payment information.
The two men initially filed separate lawsuits but they were consolidated last month and moved to St. Joseph Commercial Court.
According to their combined complaint, the Cactus cyber gang believed to be affiliated with a notorious ransomware has taken credit for infiltrating the company’s information systems and successfully downloading about 679 GB of files, which it then shared on the dark web.
O’Toole and Miller argue that the company’s cybersecurity systems were “woefully inadequate” and they accuse the company with negligence, breach of implied contract, breach of bailment and an invasion of privacy and public disclosure of private facts.
Steel Warehouse’s attorney, Monica Brownewell Smith of Barnes & Thornburg, did not immediately respond to The Lawyer’s request for comment.
Attorneys for the plaintiffs are Lynn Toops and Amina Thomas of CohenMalad LLP.
Toops has been appointed interim class attorney for the consolidated action. Thomas said in an email that clients in data breaches want assurances that action is taken by organizations to prevent such issues in the future.
In addition to seeking personal damages for the plaintiffs, their attorneys are asking the court to require the company to implement and maintain a comprehensive information security program, prohibit it from keeping personally identifiable information on a cloud-based database and to seek out third-party security auditors to conduct periodic testing on its security systems.
According to the complaint, Steel Warehouse Company did not comply with Federal Trade Commission guidelines by failing to “employ reasonable and appropriate measures to protect against unauthorized access.”
The case is In Re: Steel Warehouse Data Incident Litigation, 71D04-2505-PL-000123.
Please enable JavaScript to view this content.