CenturyLink Class Action Says Data Breach Exposed Customers’ Info

A class action lawsuit has been filed against CenturyLink in relation to a data breach that allegedly exposed 2.8 million records of consumers’ personal identifiable information. 

Plaintiff Noel U. Woodard says she had an email account with CenturyLink and that because of the data breach, third-parties were able to access her personal identifiable information. In addition, she states that third-parties were able to obtain access to her other online accounts.

For example, Woodward claims she received a notice Nov. 17, 2019, from her MyIDCare that one of her identity monitoring services had a new notification. She states she also received a phishing email Nov. 23, 2019, notifying her that her primary email account—which was linked to her CenturyLink account—was exposed to a data breach on Oct. 16, 2019.

Woodard says she was particularly concerned about the phishing email as they are advanced because they contain personalized information that makes them almost indistinguishable from legitimate emails.

As a result of this new activity, Woodard claims she undertook measures to ensure her identity had not been stolen and that her accounts had not been compromised. She says she has been required to place secondary control measures on several of her accounts to ensure she doesn’t lose access.

The plaintiff goes on to say she has incurred costs and expenses in the form of time spent, and time she will continue to spend, dealing with the theft of her personal identifiable information.

“As a direct and proximate result of Defendant’s conduct, Woodard has also been placed at an imminent, immediate, and continuing increased risk of harm from fraud and identity theft because her CenturyLink email account contains messages with even more sensitive PII (such as credit card numbers, financial information, tax information, etc.),” the CenturyLink class action lawsuit states.

Woodard claims that she has suffered anxiety and emotional distress because of the defendant’s failures to secure her personal identifiable information.

She also says she was further harmed because of CenturyLink’s failure to timely inform her of the data breach, as it allowed third-parties to continue to use her stolen information for deleterious means.

According to the plaintiff, CenturyLink maintains personal identifiable information of its customers, including customers’ names, email addresses, phone numbers, physical addresses and other account-specific information, and contents of email correspondence.

Woodard maintains that on Sept. 15, 2019, security researcher Bob Diachenko discovered that a CenturyLink database was made publicly available such that no authentication was required to access it.

Woodard claims that although Diachenko notified CenturyLink that same day, the database had already been exposed for around 10 months, which would have given malicious parties more than enough time to use the data in various schemes.

“CenturyLink’s failures to adopt, implement, maintain, and enforce proper data security policies and procedures resulted in Plaintiff’s and other similarly situated individuals’ PII being improperly exposed and disclosed to unauthorized third parties,” the CenturyLink class action lawsuit says.

According to the complaint, identity thieves can use stolen personal identifiable information for a variety of crimes, including credit card fraud, phone or utilities fraud and bank/finance fraud.

In addition, identity thieves can use such information to obtain a driver’s license or official identification card in the victim’s name, use the victim’s name to obtain government benefits or file a fraudulent tax return using the victim’s information.

The plaintiff maintains that she entrusted her personal identifiable information with CenturyLink in connection with the technology services provided to her by CenturyLink. She says the defendant failed to adopt and implement reasonable procedures to ensure her personal identifiable information would be protected from access by malicious third-parties.

“As a direct and proximate result of Defendant’s conduct, Plaintiff and Class members have been placed at an imminent, immediate, and continuing increased risk of harm from fraud and identity theft,” the CenturyLink class action lawsuit says.

The plaintiff and potential Class Members have or will suffer actual injury as a direct result of the data breach, Woodard says.

She explains that, in addition to the financial fraud and damage to her credit, many victims will suffer ascertainable losses in the form of out-of-pocket expenses and the value of their time in trying to mitigate the results of the breach.

“Plaintiff and Class members have an interest in ensuring that their personal and financial information, which is believed to remain in the possession of Defendant, is protected from further breaches by the implementation of security measures and safeguards,” the CenturyLink class action lawsuit says.

Are you a customer of CenturyLink and have had your personal identifiable information breached? Leave a message in the comments section below.

The plaintiff is represented by Melissa A. Huelsman of the Law Offices of Melissa A. Huelsman P.S., Marc E. Dann or DannLaw, and Thomas A. Zimmerman, Jr. of Zimmerman Law Offices.

The CenturyLink Data Breach Class Action Lawsuit is Noel U. Woodard v. CenturyLink Inc., Case No. 2:20-cv-00917, in the U.S. District Court for the Western District of Washington.

Read More Lawsuit & Settlement News:

Roundup Weed Killer Caner Investigation

Plaintiffs Want Cases Consolidated in Zantac Cancer Scare Litigation

Wishbone App Class Action Says Data Breach Affected 40M Users

Judge Approves $7.5M Google Data Breach Settlement