A civil suit filed in the Northern District of Illinois on Thursday has taken aim at Samsung Electronics America Inc. over a data breach that occurred in late July and leaked an unspecified number of electronics customers’ personally identifying information, including their demographics, date of birth, and product registration details. The filing said that the nationwide class has an interest in recovering for both time and money spent mitigating their damages and ensuring that their personal information is protected from further breaches.
The lawsuit explained that in early September, customers received notice of the breach. Specifically, Samsung said that an unauthorized third party acquired information from some of Samsung’s U.S. systems that contained personal information. The company offered what it said customers were entitled to under U.S. law, one free credit report annually from each of the three major nationwide credit reporting agencies.
The plaintiffs, Samsung smartphone owners, claim Samsung did not do enough to safeguard their information. Specifically, the suit accuses the electronics manufacturer of lapses, including failure to block inbound and outbound Internet, email, and network traffic to foreign countries, maintain a secure firewall, monitor for suspicious or irregular traffic to servers, for suspicious credentials used to access servers, and for suspicious or unknown users.
The complaint argued that the exposed information is valuable to criminals and remediation will command class members’ time and attention. Among the tasks listed, the filing said impacted customers will have to spend time reviewing charges for fraudulent activity and remedying those charges, purchasing credit monitoring and identity theft prevention, and potentially spending time and money addressing identity theft.