Rumpke settles lawsuit over employee data stolen in cyberattack – Cincinnati Enquirer
Rumpke is settling a class-action lawsuit after several employees allege a cyberattack stole terabytes of their information from company servers.
Rumpke will pay $750,000 toward a settlement fund available to current and former employees, whose employee files were stolen during a ransomware attack in which more than 3 terabytes of data was taken, according to a mid-November settlement agreement in Hamilton County Common Pleas.
The employee files, which include employees’ social security numbers and other personally identifying information, were accessed during the data breach around October 2024, according to the lawsuit.
Nearly 17,000 people were impacted by the data breach, according to the settlement agreement.
Rumpke is settling the lawsuit without admitting any wrongdoing, the settlement agreement says.
“While Rumpke has no evidence that any personal information was extracted from our networks or misused for identity theft or fraud, our employees and their families are most important to us and therefore we are continuing to exercise an abundance of caution to help protect their personal information and financial security,” said Amanda Pratt, Rumpke’s senior vice president for communications.
“It is also important to confirm that the investigation into this event did not uncover evidence that any customer payment information or payment processing systems were impacted,” Pratt said.
Those eligible for settlement funds will be notified by mail. The settlement provides up to $5,000 in reimbursement for losses resulting from the data breach, a cash payment as much as $475 and one year of identity theft and credit monitoring protection.
Several Rumpke employees who led the lawsuit alleged Rumpke failed to implement reasonable cybersecurity measures and were unable to identify the malicious activity until the cyberattackers began to ask for ransom, the lawsuit says.
Common Pleas Judge Leah Dinkelacker has already given preliminary approval for the settlement. Final approval, barring any objections, will be made in a hearing April 16.
Several local governments, medical institutions and other groups have fallen victim to cyberattacks recently. The City of Middletown was hit by an apparent ransomware attack last summer, making it difficult for residents’ to access regular city functions. Patients of Kettering Health, a Dayton-based hospital group, began receiving scam calls following a cyberattack that took its systems offline last spring.
Scammers and cybercriminals stole a record total of $16.6 billion from Americans in 2024, according to the FBI.
source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.
