A class action lawsuit has been filed against CenturyLink by customers who claim that the company did not secure the personally identifiable information (PII) of 2.8 million customers, which resulted in a data breach.
Plaintiffs Christopher and Patricia Masales allege that, as of Nov. 17, 2018, CenturyLink stored the PII of their customers in a database maintained by MongoDB.
The CenturyLink class action lawsuit states that on Sept. 15, 2019, a security researcher discovered that the database was publicly accessible, with no authentication needed to access it.
The plaintiffs note that the database had been exposed for approximately 10 months. The database contained more than 2.8 million records when the breach was discovered, the couple alleges.
“On information and belief, Defendants’ failures to adopt, implement, maintain, and enforce proper data security policies and procedures resulted in Plaintiffs’ and other similarly situated individuals’ PII being improperly disclosed to unauthorized third-parties,” the CenturyLink class action lawsuit states.
When CenturyLink contracted with MongoDB, CenturyLink reportedly required MongoDB to attend an information privacy course that was developed by CenturyLink. In addition, CenturyLink allegedly required MongoDB and its employees to sign an agreement that they would comply with CenturyLink’s data security procedures.
That said, although the database was maintained by MongoDB, CenturyLink had significant control pertaining to the security of the database, the plaintiffs allege.
The CenturyLink class action lawsuit claims that third-parties accessed the database when it was made publicly available and obtained potential Class Members’ PII from the database.
“As a direct and proximate result of Defendants’ conduct, Plaintiffs and Class members have been placed at an imminent, immediate, and continuing increased risk of harm from fraud and identity theft,” the plaintiffs state.
In addition, plaintiffs and members of the possible Class may suffer actual injury as a result of the data breach, including damage to their credit and losses from out-of-pocket expenses.
Also, the CenturyLink class action lawsuit states that the plaintiffs have suffered anxiety, emotional distress, and loss of privacy, and that there could be an increased risk of future harm.
The plaintiffs also claim that, although CenturyLink became aware of the security flaw on Sept. 19, 2019, it did not inform the plaintiffs and other putative Class Members until Nov. 19, 2019, giving third parties time to access and use the plaintiffs' PII and depriving the plaintiffs of the chance to take remedial measures sooner.
The CenturyLink data breach class action also contends that the plaintiffs each have an email address provided to them by the defendant and that those email accounts are linked to other accounts from various websites. Thus, third parties were able to access accounts that were linked to those email addresses, such as Facebook, Amazon, and LifeLock.
Also, the CenturyLink class action lawsuit claims that the plaintiffs have not been able to access their CenturyLink online accounts for several months and have not been able to pay their CenturyLink bills online.
“As a direct and proximate result of Defendants’ conduct, Plaintiffs have also been placed at an imminent, immediate, and continuing increased risk of harm from fraud and identity theft because their CenturyLink email accounts contain messages with even more sensitive PII,” the plaintiffs claim.
Are you a CenturyLink customer whose data may have been breached? Leave a message in the comments section below.
The plaintiffs are represented by Marc E. Dann and Brian D. Flick of DannLaw and Thomas A. Zimmerman, Jr. and Matthew C. De Re of Zimmerman Law Offices PC.
The CenturyLink Data Breach Class Action Lawsuit is Masales v. CenturyLink Inc., et al., Case No. 3:19-cv-02750, in the U.S. District Court for the Western District of Ohio.
271 thoughts on CenturyLink Class Action Says 2.8M Customers’ Info Exposed In Data Breach
Please add me
Have been a long-time customer, wondering if I qualify to join this class action suit.
Add me.
I would like to know more information as I have had several issues recently with CenturyLink and possibly add me to the plaintiff list. Thank you!
Yes, add me to your list
Please add me to your list.
Thank you.
Add me
Yep, Me too…
Add me. Been with CenturyLink for years. Data breaches are getting out of control.
I have been with CenturyLink for years, so I’m a bit concerned about this.
I’ve been with Century Link/Qwest for over 20 years for Internet & Land Line phone service. How do I find out if my PII has been affected?
You might want to call CenturyLink directly to see if your information was breached; however, I personally do not trust anything CenturyLink tells any of us. The call center is overseas and the State of Virginia, specifically my neighboring counties, have had some serious issues with them. I can tell you more but not on here.
You could call CenturyLink directly and they should be able to tell you if your account was one that was accessed and possibly breached. However, I would not trust anything as the call centers are all overseas and currently the State of Virginia is having some serious issues with them. We’ve had some town hall meetings in my neighboring counties and that’s all I can say here.