Paytime facing lawsuit over data breach

(Harrisburg) — The Pittsburgh law firm Carlson Lynch is bringing a federal class-action lawsuit against the midstate payroll processor Paytime. It’s believed to be the first legal action taken against the company since a data breach in April.

The lawsuit with three plaintiffs, including one from New Cumberland and another from Lancaster, is in U.S. District Court for the Middle District of Pennsylvania.

The suit alleges Paytime was negligent by failing to adequately protect against data breaches, and thus, broke the contract between Paytime and employers who used the payroll processor.

Hackers broke into the Paytime database in early April, but the hack wasn’t detected until later that month.Social Security numbers, bank account information, and home addresses, among other information, was stolen by the hackers.

The Cumberland County based companystarted notifying the more than 233,000 affected on May 21st.

The plaintiffs are asking for credit monitoring, bank monitoring, and identity theft services for 25 years, plus monetary damages.

A Paytime spokesperson declined to speak on tape, but says in a statement the company is confident in the efforts it made to protect data.

U-S District Court Judge John Jones III has set a hearing for August 29th.

Earlier, experts in this area of the law said a lawsuit was likely.

Federal class-action lawsuit against Paytime over data breach

Carlson Lynch’s statement in full:

“Our preliminary investigation revealed that Paytime first had its systems accessed by unauthorized individuals on April 7, 2014, discovered the security breach on April 30, 2014, and then waited until May 12, 2014, to begin sending out notifications about the breach. The compromised information at issue in this case includes the full legal names, Social Security numbers, bank account data, street addresses, birth dates, wages, hiring dates, and phone numbers of the affected individuals. To date, over 233,000 individuals have had their personal and financial information misappropriated as a result of the breach of Paytime’s computer network.”

“We believe that Paytime is legally at fault for the data breach because the company was negligent by failing to adopt, implement, and maintain adequate security measures to safeguard Plaintiffs’ and proposed Class members’ personal and financial information, failing to adequately monitor the security of its networks, allowing unauthorized access to Plaintiffs’ and Class members’ personal and financial information, and failing to recognize in a timely manner that Plaintiffs’ and Class members’ personal and financial information had been compromised. We also believe that Paytime breached its contracts with the Plaintiffs and Class members by failing to safeguard and/or protect the Plaintiffs’ and Class members’ personal and financial information from being compromised or stolen.”

Paytime’s statement in full:

“As Central Pennsylvania communities are aware, Paytime has been taking, and continues to take the matter of the data security incident very seriously. We are working with internal and third party investigators, the Secret Service, incident response vendors, our business partners, our staff, our clients, their employees and the community to address the concerns and issues that may exist. Now that a complaint has been filed, we must respect the judicial process. There is a formal process we must follow to address the allegations and accusations in the complaint. At this time we are not free to discuss this further. We are confident our good faith efforts to preserve the security and confidentiality of information in our control will prevail in this matter.”