BerryDunn, a Maine-headquartered accounting and consulting service provider, found itself embroiled in a class action lawsuit stemming from a data breach that occurred in September. The lawsuit alleges that BerryDunn failed to adequately safeguard customer’s personal information during a cyber security incident. The breach was first flagged on September 14 by one of BerryDunn’s vendors, Reliable Networks of Maine, which detected suspicious activity in its internal network impacting BerryDunn and its Health Analytics Practice Group (HAPG).
A subsequent investigation launched by BerryDunn revealed that the data security incident had compromised the sensitive personal information of at least 1,107,354 individuals. Eight lawsuits have been filed against BerryDunn in the U.S. District Court in Portland, with plaintiffs contending that the company was negligent in protecting customer data and failed to implement basic data security practices.
The lawsuits demand that BerryDunn provide credit monitoring, unspecified damages, hire a third-party security expert to audit its systems, conduct regular security checks on its database, and enhance security measures such as adding firewalls. BerryDunn is yet to file its response to the court.
Additionally, BerryDunn faces another class action lawsuit on behalf of the 1.1 million customers affected by the September data breach. While BerryDunn claims to have found no evidence of compromised information being misused, it advises affected individuals to monitor their credit reports, account statements, and benefit statements for any suspicious activity. The company has offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.
