Retirement Plan Participant Claims Harm From Transamerica Data Breach

In a lawsuit, he alleges the retirement plan service provider did not take steps to protect the personal information of participants in plans it serves.

A retirement plan participant has filed a lawsuit against Transamerica Retirement Solutions, alleging that it failed to exercise reasonable care in securing and safeguarding its clients’ personally identifiable information (PII)—including names, addresses, Social Security numbers and retirement fund contribution amounts.

The proposed class action lawsuit was filed on behalf of individual participants in plans served by Transamerica who had their PII accessed by unauthorized parties after a data breach that occurred in or around June. The lawsuit says the plaintiff was not notified by Transamerica until nearly four months after Transamerica became aware of the breach.

When he was notified, the plaintiff was also offered two years of credit monitoring through Equifax, which the lawsuit says is ineffective for the plaintiff and other class members. “The Equifax credit monitoring would have shared [the plaintiff’s] information with third parties and could not guarantee complete privacy of his sensitive PII,” the complaint states.

The lawsuit claims that for years following the data breach, retirement plan participants who were affected will experience “a slew of harms as a result of the defendant’s ineffective data security measures.” It says the plaintiff has already experienced a number of fraudulent purchase requests and spam calls in his name since the data breach, which the lawsuit says will negatively affect his finances in the future.

The complaint alleges that the data breach occurred because Transamerica failed to take reasonable measures to protect the PII it collected and stored. “[The] defendant disregarded the rights of the plaintiff and class members by intentionally, willfully, recklessly or negligently failing to take and implement adequate and reasonable measures to ensure that the plaintiff and class members’ PII was safeguarded, failing to take available steps to prevent an unauthorized disclosure of data, and failing to follow applicable, required and appropriate protocols, policies and procedures regarding the encryption of data, even for internal use,” the complaint states.

The complaint includes lists of recommended actions to protect the PII of clients.

The lawsuit makes claims for negligence, breach of contract, breach of implied contract, breach of fiduciary duty and violations of New York General Business Law Section 349.

In a statement to PLANSPONSOR, Transamerica said: “Transamerica has become aware of a lawsuit filed recently in the Southern District of New York that asserts claims against our retirement operations. The allegations in the lawsuit are inaccurate and misleading. At no time did unauthorized individuals gain access to Transamerica’s systems as the lawsuit suggests. The allegations that Transamerica failed to meet legal or regulatory obligations are false. Transamerica is proud of the services we provide to our retirement plan clients, and we will vigorously defend against this lawsuit.”