Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
A class action lawsuit has been filed against CenturyLink by customers who claim that the company did not secure the personally identifiable information (PII) of 2.8 million customers which resulted in a data breach.
Plaintiffs Christopher and Patricia Masales allege that, as of Nov. 17, 2018, CenturyLink stored the PII of their customers in a database maintained by MongoDB.
The CenturyLink class action lawsuit states that on Sept. 15, 2019, a security researcher discovered that the database was made publicly available, so much so that no authentication was needed to access it.
The plaintiffs note that the database has been exposed for approximately 10 months. The database contains more than 2.8 million records when the breach was discovered, the couple alleges.
“On information and belief, Defendants’ failures to adopt, implement, maintain, and enforce proper data security policies and procedures resulted in Plaintiffs’ and other similarly situated individuals’ PII being improperly disclosed to unauthorized third-parties,” the CenturyLink class action lawsuit states.
When CenturyLink contracted with MongoDB, CenturyLink reportedly required MongoDB to attend an information privacy course that was developed by CenturyLink. In addition, CenturyLink allegedly required MongoDB and its employees to sign an agreement that they would comply with CenturyLink’s data security procedures.
That said, although the database was maintained by MongoDB, CenturyLink had significant control pertaining to the security of the database, the plaintiffs allege.
The CenturyLink class action lawsuit claims that third-parties accessed the database when it was made publicly available and obtained potential Class Members’ PII from the database.
“As a direct and proximate result of Defendants’ conduct, Plaintiffs and Class members have been placed at an imminent, immediate, and continuing increased risk of harm from fraud and identity theft,” the plaintiffs state.
In addition, plaintiffs and members of the possible Class may suffer actual injury as a result of the data breach, including damage to their credit and losses from out-of-pocket expenses.
Also, the CenturyLink class action lawsuit states that the plaintiffs have suffered anxiety, emotional distress, loss of privacy, and there could be an increased risk of future harm.
The plaintiffs also claim that, although CenturyLink became aware of the security flaw on Sept. 19, 2019, they did not inform the plaintiffs and other putative Class Members until Nov. 19, 2019, giving third-parties time to access to use the plaintiffs PII, depriving plaintiffs from taking remedial measures sooner.
The CenturyLink data breach class action also contends that the plaintiffs each have an email address provided to them by the defendant and that those email accounts are linked to other accounts from various websites. Thus, third parties were able to access accounts that were linked to those email addresses, such as Facebook, Amazon, and LifeLock.
Also, the CenturyLink class action lawsuit claims that the plaintiffs have not been able to access their CenturyLink online accounts for several months and have not been able to pay their CenturyLink bills online.
“As a direct and proximate result of Defendants’ conduct, Plaintiffs have also been placed at an imminent, immediate, and continuing increased risk of harm from fraud and identity theft because their CenturyLink email accounts contain messages with even more sensitive PII,” the plaintiffs claim.
Are you a CenturyLink customer whose data may have been breached? Leave a message in the comments section below.
The plaintiffs are represented by Marc E. Dann and Brian D. Flick of DannLaw and Thomas A. Zimmerman, Jr. and Matthew C. De Re of Zimmerman Law Offices PC.
The CenturyLink Data Breach Class Action Lawsuit is Masales v. CenturyLink Inc., et al., Case No. 3:19-cv-02750, in the U.S. District Court for the Western District of Ohio.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
271 thoughts onCenturyLink Class Action Says 2.8M Customers’ Info Exposed In Data Breach
Please add us. Thank you.
We are customers of Century Link for going on 8 years now. Please add us to your list.
Yes please add me
Add me
Please add me
Please add us we had Century link at our repair shop
Please add me
Please add me also
Yes add me I’m a century Link cliant
Yes, I too am a CenturyLink customer and have been so for years. I hate to think that my personal, private identifiable information is being exposed at my expense. This is a horrible thing for a large communications company to do to its customers. What a shame on the part of CenturyLink. Sometimes when you think you are getting a bargain you are being shafted and fleeced at your own expense. This should never happen. I am appalled at CenturyLink. Please add me to the Class Action! Thank you.