Onix Group, a Pennsylvania-based real estate firm, is being targeted by three proposed federal class action lawsuits in the aftermath of a ransomware attack. The attack, which occurred in May, resulted in the compromise of sensitive information belonging to 319,500 individuals, including patient data from addiction treatment centers. The lawsuits claim that Onix Group was negligent in safeguarding the personal information, accusing the company of inadequate security measures and seeking monetary damages along with an injunction to improve information security practices.
The ransomware attack on Onix Group was disclosed in May, where it was revealed that the breach affected hundreds of thousands of individuals, including both patients and employees. The attack corrupted certain systems and involved the exfiltration of files, according to the company. Personal information, such as names, Social Security numbers, birthdates, and medical records, was exposed for patients, while employee information, including Social Security numbers and health plan enrollment details, was also compromised.
The lawsuits claim that individuals affected by the breach continue to face significant risks of identity theft and other forms of personal harm, alleging that Onix Group failed to adequately protect their private information. The plaintiffs argue that Onix Group promised to safeguard their data but fell short in implementing proper security measures. The lawsuits further assert that the company has not provided assurance that all compromised data has been recovered or destroyed, and there is concern about the effectiveness of Onix Group’s enhanced data security protocols to prevent future breaches.
Onix Group has stated that it is taking steps to strengthen the security of its systems and enhance protocols to prevent similar incidents. However, the company has not yet responded to inquiries about the lawsuits or provided additional details regarding the ransomware attack and subsequent security measures. The incident highlights the importance of robust data security practices and the potential consequences for organizations that fail to adequately protect sensitive personal information from cyber threats.