
HanesBrands requests dismissals of ransomware lawsuits

HanesBrands Inc. has filed motions — as expected — to have dismissed federal lawsuits in California and North Carolina over the May 2022 ransomware attack that cost the manufacturer about $100 million in global sales.

The N.C. lawsuit, filed in federal Middle District Court on Oct. 13, has Nicole Toussaint as the plaintiff on behalf of current and former employees. The California lawsuit Roman vs. HanesBrands was filed Oct. 7 in the Central District.

Each plaintiff is requesting class-action status.

HanesBrands disclosed in a May 31, 2022, regulatory filing that it began experiencing the ransomware attack on May 24, 2022.

Ransomware is a type of malicious software employed by hackers that can block access to a computer system until a ransom is paid. In recent years, the targets have shifted from individuals to governments, companies, nonprofits and health care systems.

HanesBrands said the ransomware attack affected its global supply chain network and ability to fulfill customer orders for about three weeks. The attack resulted in a $35 million reduction in adjusted operating profit for the second quarter of fiscal 2022, while lowering adjusted earnings per share by 8 cents.

The main complaint allegation is that the ransomware attack contributed to a data breach of “certain highly sensitive personal and protected health information” that included name, address, date of birth, financial account information and government-issued identification numbers, and other health and employment accounts.

Toussaint said she wasn’t notified of the data breach until Aug. 16, 2022. Toussaint lives in Maine and was employed as an assistant manager from 2012 through 2018.

The suits ask for compensatory, punitive and other damages, as well as injunctive relief that requires HanesBrands “to strengthen its data security systems and monitoring procedures, submit to future annual audits of those systems, and immediately provide adequate credit monitoring” for up to 10 years.

HanesBrands agreed to provide up to two years’ worth of credit monitoring.

HanesBrands response

In requesting the dismissals, HanesBrands claims the plaintiffs lack standing and have failed to state a claim.

In the response, HanesBrands said it “took extraordinary and immediate action to re-secure the implicated data set.”

That included disclosing that it reached a payment agreement of an undisclosed amount with the ransomware attacker.

In exchange, the attacker agreed to not disseminate the information and to delete the information from its systems with confirmation provided. HanesBrands said it was provided evidence on June 3, 2022, that those actions had occurred.

HanesBrands has not said whether the attack affected only internal operations, or whether the information held hostage affected employees and customers.

“One full year has passed since the incident, and there has been no indication that the implicated data was posted on the dark web or otherwise made publicly available because of the incident,” HanesBrands said.

Toussaint claims she has received at least three suspicious spam emails per week since the data breach.

Her lawsuit claims the ransomware attack was successful “as a direct result of defendant’s failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect individuals’ private information with which it was entrusted for employment or other business purposes.”

“Had HanesBrands properly monitored its property, it would have discovered the intrusion earlier.”

HanesBrands claims “the actual facts here make it impossible for plaintiffs to establish standing.”

“Each of plaintiffs’ claimed ‘injuries’ is premised upon the single proposition that a third-party threat actor still possesses plaintiffs’ data.”

“But that is simply untrue.”

HanesBrands also cited that “North Carolina has not imposed a generalized duty for employers to provide data security to former employees.”
