Suit seeks a jury trial and the award of monetary, punitive damages for plaintiff, other victims whose personal information was allegedly compromised
HOUSTON — A class action lawsuit has been filed against Ashley licensee Dufresne Spencer Group related to a data breach the plaintiffs believe could threaten their personal information for years to come.
Filed June 10 in the U.S. District Court for the Southern District of Texas, the suit names Rosalyn Parker as a plaintiff in a case alleging a data breach involving her and an undetermined number of customers whose personal information could be compromised now and in the future.
The suit claims that on Jan. 15, DSG learned that between May 15, 2023, and June 5, 2023, an unauthorized party had gained access to its information systems which contained information such as customer names, dates of birth and driver’s license numbers, along with banking account and routing numbers.
The suit also noted that the company did not begin disseminating information about the data breach until several months later. Parker and other class members began receiving notices of the breach — specifically that an unauthorized party had accessed and/or acquired their private information — on or around May 7.
The notice also reportedly let the customers know of the “generic steps” that victims of data security incidents can take to review financial account statements and credit reports for any unauthorized activity.
“Other than providing only a one-year membership of credit monitoring and identity theft protection through Equifax Credit Watch Gold, defendant offered no other substantive steps to help victims like plaintiff and class members to protect themselves from the aftermath of the data breach,” the suit said, adding that based on information legal counsel has received, the defendant sent a similar generic letter to all other individuals affected by the data breach.
It said the suit aims to address the defendant’s inadequate safeguarding of class members’ private information that it collected and maintained by its systems.
“The potential for improper disclosure and theft of plaintiff’s and class members’ private information was a known risk to defendant and thus, defendant was on notice that failing to take necessary steps to secure the private information left it vulnerable to an attack,” the suit said. “Had defendant properly monitored its networks and implemented adequate data security practices, it could have prevented the data breach, or at the very least discovered the data breach sooner.”
The suit went on to say that the data breach victims’ identities are now at risk because of the defendant’s “negligent conduct, which led to the private information that it collected and maintained falling into the hands of data thieves and other unauthorized third parties.”
It noted that the plaintiff and other class members relied on the defendant to keep their private information confidential and securely maintained and to only make authorized disclosure of this data.
However, it said the defendant failed to do so, which has caused the plaintiff injury because of the invasion of privacy, identity theft, fraudulent accounts opened using her private information, along with multiple unauthorized credit inquiries, damage to her credit and denial of credit applications, which the suit said that she attributes to the data breach. This also has resulted in time and effort that the plaintiff has spent to continually monitor impacts on her personal and financial information.
“As a result of the data breach, plaintiff anticipates spending considerable time and money on an ongoing basis to try to remain vigilant to mitigate and address the many harms caused by the data breach,” the suit said.
“Moreover, the plaintiff and class members have an interest in ensuring that their private information, which is believed to still be in the possession of defendant, is protected by future breaches by the implementation of more adequate data security measures and safeguards, including but not limited to ensuring that the storage of data or documents containing highly sensitive personal information of its customers and employees is not accessible online, that access to such data is password protected and that such data is properly encrypted.”
The suit has requested a jury trial on the matter and is seeking an undetermined amount of monetary relief including actual damages, statutory damages, punitive damages, as well as reasonable attorneys’ fees, costs and other expenses allowed by law in addition to prejudgment and post-judgment interest.
Home News Now has reached out to DSG for comment and is awaiting a response.