A class action complaint has been filed against the International Brotherhood of Electrical Workers (IBEW) following a data breach that occurred between March 31 and April 5, 2024. The breach involved unauthorized access to the names and social security numbers of current and former IBEW members, caused by a ransomware attack carried out by the cybercriminal group BlackSuit. This attack was part of a broader series of cyberattacks in March 2024, which also affected other organizations, including automobile software vendor CDK Global.
The IBEW informed the affected individuals about the breach on August 5, 2024, after discovering the incident on July 3, 2024. The class action complaint, filed in the U.S. District Court for the Eastern District of Missouri, claims that the delay in notification worsened the harm to the affected individuals. The lead plaintiff, a retired electrician, argues that the delayed notice deprived the class of the opportunity to take timely actions to mitigate potential damages.
The complaint also accuses IBEW of not following the Federal Trade Commission’s 2016 guidelines for businesses on data security practices. Additionally, it claims that the union’s actions violated the federal unfair trade practices act, breached its implied contract with its members, and neglected its responsibility to protect sensitive data. These allegations highlight the union’s failure to uphold its obligations regarding data protection and timely notification.
IBEW’s mishandling of the situation has resulted in further legal challenges, with plaintiffs seeking compensation for the harm caused by the data breach. The class action also underscores the growing risks that organizations face from cyberattacks, particularly in the context of union and employee data security. As the case progresses, it will bring attention to how organizations must act quickly and in accordance with data protection regulations to prevent such incidents.
Reference:
