Progress Software Corp. Faces Class Action Over Data Breach

In an unfolding legal drama, Jerry McDaniel and Barbara C. Cruciata, have filed a class-action lawsuit against Progress Software Corporation (PSC) and Maximus Federal Services, Inc. The plaintiffs allege that these companies failed to secure and safeguard their personally identifiable information (PII), leading to a significant data breach.

PSC, a Massachusetts-based software company, offers a range of software products and services, including cloud hosting and secure file transfer services like MOVEit. Maximus Federal Services, on the other hand, is a private contractor providing appeals services in support of the Medicare program.

The crux of the lawsuit revolves around a vulnerability in PSC's MOVEit software. This vulnerability allegedly allowed unauthorized access to files across multiple organizations, including Maximus. The data breach involved the unauthorized access and theft of PII, including names, Social Security numbers, birthdates, medical histories, insurance policy numbers, and driver's license information.

"Plaintiffs and Class Members face a current and ongoing risk of identity theft and have suffered various damages, including invasion of privacy, financial costs, loss of time and productivity, and anxiety," the complaint states. The plaintiffs argue that the defendants had a duty to properly safeguard the PII and failed to implement reasonable data security practices. This failure, they claim, occurred despite the defendants being aware of the risks and previous data breaches in the industry.

The lawsuit alleges that the defendants' failure to adequately safeguard the Private Information resulted in a data breach. This breach, they claim, led to actual injuries and damages, including invasion of privacy, out-of-pocket costs, loss of time and productivity, and the continued risk to their Private Information.

"The value of Private Information in the black market and data brokering industry is significant," the lawsuit states, highlighting the potential financial implications of the breach.

The plaintiffs are seeking a range of remedies, including compensatory damages, reimbursement of costs, future identity theft monitoring, and improvements to the defendants' data security systems. "Injunctive relief is necessary to protect against future data breaches," the complaint argues, indicating that the plaintiffs are seeking not only compensation but also preventative measures to avoid future breaches.

The lawsuit also seeks to represent a Nationwide Class and a Maximus Subclass, arguing that class action litigation is the most efficient and appropriate method for adjudicating the claims. "Plaintiffs will fairly and adequately represent the Class Members' interests," the complaint states, suggesting that the plaintiffs believe they can adequately represent the interests of others affected by the alleged data breach.

The lawsuit accuses the defendants of negligence, breach of contract, negligence per se, and unjust enrichment. The plaintiffs are seeking certification of the Class, appointment as representatives, and a jury trial.

The plaintiffs also request a declaration that the defendants' data security measures are inadequate and an order for the defendants to implement and maintain reasonable security measures. They also seek an order for the defendants to delete unnecessary Private Information and to provide education and training on data security.

"Plaintiffs request an independent third-party assessment of Defendants' compliance with the court's final judgment," the complaint states, indicating a desire for external oversight of the defendants' actions moving forward.

This lawsuit serves as a stark reminder of the importance of data security in the digital age, and the potential legal and financial implications for companies that fail to adequately protect their customers' PII.

‍