SAN FRANCISCO—Since June 5, The San Francisco Employees’ Retirement System (SFERS) has been confronted with a class-action lawsuit claiming negligence due to a data hack from February.
Righetti Glugoski, a law firm located in San Francisco, is representing the plaintiffs. The case was brought to the firm by San Francisco resident Richard Goss. The defendants of the case are SFERS and 10up, a web consultant that was housing the information that was subject to breach.
The security breach in question occurred on February 24. The server on which 10up was hosting SFERS client information was accessed by a third party, but 10up could not confirm whether or not any data had actually been stolen from the server.
The lawsuit claims that SFERS and 10up were not careful enough to protect members’ information.
As written in the lawsuit, the plaintiffs hold that “Defendants knew or should have known the risks of collecting and storing PII and the importance of maintaining secure systems.”
Among other things, the plaintiffs are requesting credit monitoring.
After SFERS announced the data breach to its members on June 1, it said that all SFERS clients would be provided with free one-year membership of Experian’s IdentityWorks identity theft protection.
10up President Jake Goldman told the San Francisco News on Friday, June 19, “We did notice what appear to be a number of pretty basic mistakes in the claim. Given that I am still unaware of any evidence that any data was actually accessed or taken, given that we more than met industry standards for responsible disclosure of risk to the data, and given that anyone potentially impacted was provided identity protection services…my lack of legal expertise notwithstanding, I don’t really understand what damage or harm they are claiming.”
Still, Goldman noted that if it came down to it, the company has a designated portion of its budget that would contribute to paying for damages in the event that the court rules against the defendants.