Two plaintiffs are suing Acrisure LLC in putative class-action lawsuits in connection with a data breach that occurred over a nearly two-month period beginning in December 2022.
The similar lawsuits were filed in U.S. District Court in Grand Rapids, Michigan, in separate judges’ courts. Carlos Dias Jr. v. Acrisure LLC was filed last Friday, and Erika Wooley v. Acrisure LLC was filed Monday.
The lawsuits say that on Nov. 10 Acrisure notified state attorneys general and many class members of the Dec. 1, 2022, through Jan. 28 breach. Data stolen included Social Security numbers, protected health information and driver’s license numbers.
The Grand Rapids-based brokerage’s letter to class members said once it became aware of “unusual activity” on its systems it investigated and learned an unauthorized third party had gained access to a portion of its network that contained files, including those with personal information.
The Wooley lawsuit states that “Acrisure has not implemented reasonable cybersecurity safeguards or policies to protect its consumers’ sensitive information or trained its IT or data security employees to prevent, detect, and stop breaches of its systems.
“As a result, Acrisure leaves significant vulnerabilities in its systems for cybercriminals to exploit and gain access to consumers’ sensitive information.”
Both lawsuits include charges of negligence, invasion of privacy, breach of contract, and unjust enrichment and seek damages and attorneys fees.
Acrisure, the 6th largest U.S. broker, according to Business Insurance’s latest ranking, did not respond to a request for comment.
Based in New York, Stephen Freeman is a Senior Editor at Trending Insurance News. Previously he has worked for Forbes and The Huffington Post. Steven is a graduate of Risk Management at the University of New York.