Recently, Perkins & Co. (“Perkins”) confirmed a data breach resulting from a data security incident at a third-party company used by Perkins to store data in the cloud. According to Perkins, the breach resulted in the compromise of the following data: names, social security numbers and financial account numbers. Perkins estimates that the recent data breach affected 354,647 people. On May 27, 2022, Perkins filed a formal notice of breach and sent data breach letters to all affected parties.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself against fraud or identity theft and what legal options are available to you following the Perkins & Co. data breach, please see our recent article on the subject. here.
What Caused the Perkins & Co. Data Breach?
Information about Perkins’ data breach comes primarily from various letters the company filed with state regulatory agencies following the incident. Evidently, around December 3, 2020, Netgain Technologies (“Netgain”), a provider used by Perkins to host its data in the cloud, informed Perkins that Netgain had recently suffered a ransomware attack.
After Perkins learned of the ransomware attack at Netgain, the two companies communicated frequently about the incident. On January 15, 2022, Netgain transmitted the following to Perkins management: Between the dates of November 8, 2020 and December 3, 2020, an unauthorized party accessed these Netgain servers containing Perkins data. The unauthorized party also copied and stole some of the files from the server. The unauthorized party also encrypted the files and asked Netgain to pay a ransom in exchange for returning the stolen files. Netgain paid the ransom and the unauthorized party returned the files it had stolen and provided Netgain with a decryption key.
After discovering that sensitive consumer data was being accessed by an unauthorized party, Perkins & Co. then conducted its own investigation into the incident to determine if any of the consumer data in the company’s possession had been compromised. Although the information disclosed will vary depending on the individual, it may include your name, social security number, and bank account number.
On May 27, 2022, Perkins & Co. sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
More information about Perkins & Co.
Perkins & Co. is an accounting firm based in Portland, Oregon. Perkins offers a wide range of services to individuals and organizations including business advisory services, tax services, estate planning, litigation assistance, employee benefit plan audits, and more. . Perkins & Co. employs over 156 people and generates approximately $29 million in annual revenue.
Who is responsible for a data breach?
Following a data breach, victims often wonder who can be held responsible for the leak of their information. Under US data breach laws, all organizations in possession of consumer data have an obligation to protect the information in their possession. This includes organizations that receive consumer information directly as well as third-party companies that receive data through an intermediary.
In the case of the Perkins data breach, there is no evidence that Perkins was negligent in maintaining its own data security systems. However, based on evidence that will come out in the future, it is possible that Perkins is negligently trusting consumer data to Netgain. For example, this may be the case if Perkins had reason to believe that Netgain’s servers were insecure or that the company had a history of mishandling consumer data.
Of course, Netgain could also be liable for the breach. Organizations and their data security systems are the first line of defense against cyberattacks. Companies that choose not to maintain robust data security systems do so at great risk to consumer privacy, as hackers routinely target companies known to have inadequate protections in place.
The bottom line is that data breach laws provide a mechanism for victims of a data breach to pursue a claim against the company responsible for the breach. However, determining which company is responsible requires an in-depth knowledge of complex data breach laws. Those seeking answers in the wake of the Perkins data breach should consult an experienced data breach attorney to learn more about their rights.