Carvin Software, which specializes in providing digital services to recruitment and financial agencies, is facing a class-action lawsuit after a reported breach that may have affected hundreds of thousands of people.
The software provider, whose clients include Apple Staffing, Arastaff, Complete Labor, EmployUS, and Personnel Services, said that it discovered the breach in March.
“Carvin Software identified unusual activity on certain systems within our computer network,” it said in a letter of notification to potential victims. “We promptly isolated the affected systems and commenced a comprehensive investigation into the full nature and scope of the activity.”
Concluded on March 29th, “the investigation determined that certain files were copied from our network without authorization” between February 22nd and March 9th. These included names, Social Security numbers, and sensitive financial information.
Such data is gold dust for the enterprising cybercriminal, who can use it for crimes such as phishing, credit card fraud, and online impersonation, resulting in often severe losses for victims.
Though incorporated near Phoenix, Arizona, Carvin was obliged to report the incident on May 19th to the Attorney General’s Office in Maine, which imposes strict cybersecurity notification requirements for any attacks that affect its residents.
While just 5,679 state residents were affected, the national, or possibly even global, total of victims stands at 356,871.
Despite this frank disclosure and notification of federal authorities, things are not looking good for the software provider, which now has a case to answer against some 187,000 US plaintiffs who have launched a class-action lawsuit against it.
The suit will be prosecuted by the Lyon Firm, which released an announcement on May 9th saying tha it was “actively involved in class-action personal privacy and data theft cases and is currently investigating Carvin Software data breach claims for plaintiffs nationwide.”
At the time of writing, Carvin’s website was blocked for security reasons and therefore unaccessible to Cybernews.
Your email address will not be published. Required fields are markedmarked