A pension plan member sued Transamerica Retirement Solutions, alleging that it failed to exercise due diligence to secure and protect the Personally Identifiable Information (PII) of its clients, including names , addresses, social security numbers and amounts of contributions to the pension fund.
The proposed class action lawsuit was filed on behalf of individual participants in the plans served by Transamerica who had access to their personal information by unauthorized parties following a data breach in or around June. The lawsuit says the plaintiff was not notified by Transamerica until almost four months after Transamerica learned of the violation.
When notified, the plaintiff was also offered two years of credit monitoring through Equifax, which the lawsuit says is ineffective for the plaintiff and other class members. “Equifax credit monitoring reportedly shared [the plaintiff’s] information with third parties and could not guarantee the complete confidentiality of his sensitive personal information ”, the complaint States.
The lawsuit claims that for years after the data breach, pension plan members who were affected will suffer “a multitude of harms as a result of the defendant’s ineffective data security measures.” He says the complainant has already suffered a number of fraudulent purchase requests and spam calls on his behalf since the data breach, which the lawsuit says will negatively affect his finances in the future.
The complaint alleges that the data breach occurred because Transamerica failed to take reasonable steps to protect the personal information it collected and stored. “[The] the defendant violated the rights of the plaintiff and the members of the class by intentionally, willfully, recklessly or negligently failing to take and implement adequate and reasonable steps to ensure that the personal information of the plaintiff and members of the group were protected, failing to take available measures to prevent unauthorized disclosure of data and fail to follow applicable, required and appropriate protocols, policies and procedures regarding data encryption, even for internal use, ”the complaint states. .
It includes lists of recommended actions to protect customers’ personal information.
The lawsuit makes claims for negligence, breach of contract, implied breach of contract, breach of fiduciary duty and violations of section 349 of general New York business law.
In a statement to PLANSPONSOR, Transamerica said, “Transamerica has become aware of a recent lawsuit in the Southern District of New York which asserts claims against our pension operations. The allegations in the trial are inaccurate and misleading. At no time have unauthorized persons gained access to Transamerica’s systems, as the lawsuit suggests. Allegations that Transamerica failed to meet its legal or regulatory obligations are false. Transamerica is proud of the service we provide to our pension clients, and we will vigorously defend against this lawsuit.