American Water Works Co. building in Camden, New Jersey. Credit: Google street view 9 Class Actions: Multiple Law Firms File Suits After Data Breach at Water Company
The number of people impacted by the data breach is unknown, but American Water serves more than 14 million individuals across 14 states, according to the suits.
October 25, 2024 at 01:20 PM
3 minute read
Cybersecurity
The original version of this story was published on New Jersey Law Journal
A New Jersey utility company has been hit with nine class action lawsuits since it announced that it was the target of a data breach.
The suits were filed by Brown LLC of Jersey City; Shub & Johns of Conshohocken, Pennsylvania; Federman & Sherwood of Oklahoma City, Oklahoma; Ahdoot & Wolfson of Radnor, Pennsylvania; Kopelowitz Ostrow Ferguson Weiselberg Gilbert of Bala Cynwyd, Pennsylvania; Laukaitis Law of San Juan, Puerto Rico; Chimicles Schwartz Kriner & Donaldson-Smith of Haverford, Pennsylvania; Carella Byrne Cecchi Brody & Agnello of Roseland, New Jersey; and George Feldman McDonald of New York.
Defendant American Water Works Co. of Camden, New Jersey, announced in a U.S. Securities and Exchange Commission regulatory filing on Oct. 3 that its networks and systems were compromised by a cybersecurity incident.
On Oct. 7, American Water posted notice of the data breach on its website. The notice advised customers of the continued potential harm to customer data; steps it would take to handle the data breach, including shutting down the company's online payment billing and payment portal systems; and work being done in the aftermath of the data breach.
But days later, on Oct. 11, the first lawsuit stemming from the announcement was filed.
The most recent suit landed Oct. 22.
The number of people impacted by the data breach is unknown, but American Water serves more than 14 million across 14 states, according to the suits. American Water is the largest regulated water and wastewater utility company in the United States, its website states.
It's unknown who was behind the American Water cyberattack, but other water facilities have been breached by Russian, Chinese and Iranian-backed cyberattackers in 2023 and 2024, according to TechTarget.com.
American Water "failed to adequately protect plaintiff's and class members' PII [personal identifiable information]—and failed to even encrypt or redact this highly sensitive information," according to one of the suits, Karwoski v. American Water Works. "This unencrypted, unredacted PII was compromised due to defendant's negligent and/or careless acts and omissions and its utter failure to protect its customers' sensitive data. Hackers targeted and obtained plaintiff's and class members' PII because of its value in exploiting and stealing the identities of plaintiff and class Members. The present and continuing risk to victims of the data breach will remain for their respective lifetimes."
Another of the suits, Menichini v. American Water Works, alleged that the defendant breached its obligations to the plaintiff and class members and were otherwise negligent because they failed to audit, monitor or ensure the integrity of its data security practices.
According to that proposed class action, the company's alleged unlawful conduct includes: failing to adequately vet its vendors to ensure they maintained sufficient data security practices; failing to maintain an adequate data security system that would reduce the risk of data breaches and cyberattacks; failing to adequately protect customers' and other related individuals' private personal information; and failing to properly monitor its own data security systems for existing intrusions.
Counsel for American Water has yet to enter appearances in any of the suits. And the company's senior director of external communications, Ruben Rodriguez, said American Water is unable to comment on pending litigation.
These actions were surfaced by Law.com Radar, which delivers artificial intelligence-enhanced case summaries and daily case reports from more than 2,200 state and federal courts. Click here to get started and be among the first to act on opportunities in your region, practice area or client sector.
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Penn State Agrees to $1.25M Settlement in Novel 'Cyber-Whistleblower' Suit
4 minute read
SEC Fines 4 Companies $7M for Downplaying Breaches Tied to Massive SolarWinds Hack
Orrick Secures Summary Judgment for RingCentral in Privacy Class Action
Data Mining Company Actfore Spins Off From Discovery, Info Gov Provider ActiveNav
Law Firms Mentioned
Trending Stories
- 1Mass. Judge Declares Mistrial in Talc Trial: 'Court Can't Accommodate This Case'
- 2It's Time Law Firms Were Upfront About Who Their Salaried Partners Are
- 3The Law Firm Disrupted: Quality Partner Training—The Exception or the Rule?
- 4Conflict or Earned? Judge in Trump Cases Floated as Potential AG Pick
- 5A&O Shearman Adopts 3-Level Lockstep Pay Model Amid Shift to All-Equity Partnership
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
