Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
A class action lawsuit has been filed against CenturyLink by customers who claim that the company did not secure the personally identifiable information (PII) of 2.8 million customers which resulted in a data breach.
Plaintiffs Christopher and Patricia Masales allege that, as of Nov. 17, 2018, CenturyLink stored the PII of their customers in a database maintained by MongoDB.
The CenturyLink class action lawsuit states that on Sept. 15, 2019, a security researcher discovered that the database was made publicly available, so much so that no authentication was needed to access it.
The plaintiffs note that the database has been exposed for approximately 10 months. The database contains more than 2.8 million records when the breach was discovered, the couple alleges.
“On information and belief, Defendants’ failures to adopt, implement, maintain, and enforce proper data security policies and procedures resulted in Plaintiffs’ and other similarly situated individuals’ PII being improperly disclosed to unauthorized third-parties,” the CenturyLink class action lawsuit states.
When CenturyLink contracted with MongoDB, CenturyLink reportedly required MongoDB to attend an information privacy course that was developed by CenturyLink. In addition, CenturyLink allegedly required MongoDB and its employees to sign an agreement that they would comply with CenturyLink’s data security procedures.
That said, although the database was maintained by MongoDB, CenturyLink had significant control pertaining to the security of the database, the plaintiffs allege.
The CenturyLink class action lawsuit claims that third-parties accessed the database when it was made publicly available and obtained potential Class Members’ PII from the database.
“As a direct and proximate result of Defendants’ conduct, Plaintiffs and Class members have been placed at an imminent, immediate, and continuing increased risk of harm from fraud and identity theft,” the plaintiffs state.
In addition, plaintiffs and members of the possible Class may suffer actual injury as a result of the data breach, including damage to their credit and losses from out-of-pocket expenses.
Also, the CenturyLink class action lawsuit states that the plaintiffs have suffered anxiety, emotional distress, loss of privacy, and there could be an increased risk of future harm.
The plaintiffs also claim that, although CenturyLink became aware of the security flaw on Sept. 19, 2019, they did not inform the plaintiffs and other putative Class Members until Nov. 19, 2019, giving third-parties time to access to use the plaintiffs PII, depriving plaintiffs from taking remedial measures sooner.
The CenturyLink data breach class action also contends that the plaintiffs each have an email address provided to them by the defendant and that those email accounts are linked to other accounts from various websites. Thus, third parties were able to access accounts that were linked to those email addresses, such as Facebook, Amazon, and LifeLock.
Also, the CenturyLink class action lawsuit claims that the plaintiffs have not been able to access their CenturyLink online accounts for several months and have not been able to pay their CenturyLink bills online.
“As a direct and proximate result of Defendants’ conduct, Plaintiffs have also been placed at an imminent, immediate, and continuing increased risk of harm from fraud and identity theft because their CenturyLink email accounts contain messages with even more sensitive PII,” the plaintiffs claim.
Are you a CenturyLink customer whose data may have been breached? Leave a message in the comments section below.
The plaintiffs are represented by Marc E. Dann and Brian D. Flick of DannLaw and Thomas A. Zimmerman, Jr. and Matthew C. De Re of Zimmerman Law Offices PC.
The CenturyLink Data Breach Class Action Lawsuit is Masales v. CenturyLink Inc., et al., Case No. 3:19-cv-02750, in the U.S. District Court for the Western District of Ohio.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
271 thoughts onCenturyLink Class Action Says 2.8M Customers’ Info Exposed In Data Breach
As of July 19, 2021, my Centurytel email stopped coming to my computer and I could not send any emails out. When I tried to place an Amazon order using my century email username it said they had no account with that username. After talking to Amazon support they said that my email address was associated with someone else’s name and phone number. And an order had already been charged to my bank account from whoever had stolen my email. Since then I have had absolutely no help from Centurylink –an exhausting and discouraging process. I have had that email address through Century for 30 years and all of my accounts have it as my contact, plus hundreds and hundreds of business and personal contacts. I have not been able to get any help from anywhere and am very distraught!!!! The email below is my gmail because I won’t get any mail from my former centurytel email.
I began receiving sexually provocative emails as well, following this breach from Century Link, which was relayed by way of letter from Century Link dated October 18, 2019. I asked for a credit to my bill, noting I would have to bring my computer in to have all the “inconveniences” removed by a professional; and just had it cleaned up January, 2019. They said they could not do anything, and referred me to the instructions in the Oct. 18 2019 letter. I was not able to bring my computer in to have it serviced by a professional at that time. I contacted Century Link again, when I received an “increase” in my Century Link statement after the 3 year price lock expired in February, 2020; they wanted me to UPGRADE to Fiber Optic, and charge me for an upgrade they could not even accomplish due to the Corona Virus. They are currently charging me $25 more per month, for basic internet & land lane $124.00 monthly.
You are doing great. I recently blogged at this topic Centurylink email settings . Read it now.