At a glance.
- Accellion faces class action suit on behalf of Washington residents affected by data breach.
- Accellion breach affects Singtel customer data.
- US Eleventh Circuit Court of Appeals rules fear of future identity theft doesn't give standing.
Seattle attorney files class action suit in connection with Washington State data breach.
Accellion, the software vendor whose compromised file-sharing system FTA (File Transfer Appliance) led to a data breach in the state Auditor's office, has been named the defendant in a class action suit filed on behalf of Washington residents whose personal information was exposed, Q13Fox reports. The data exposed includes "names, Social Security numbers, driver’s license numbers, bank information and place of employment." Accellion has pointed out that the organizations affected were using an older, legacy version of its software that Accellion had urged them to upgrade.
Singtel breach also linked to Accellion.
The Economic Times reports that Singtel, Singapore's principal telecom carrier, is also investigating a data breach that appears to be linked to the Accellion compromise. Singtel said:
"Accellion has informed that this incident is part of a wider concerted attack against users of their file sharing system," the Channel News Asia reported quoting Singtel release.
"Customer information may have been compromised. Our priority is to work directly with customers and stakeholders whose information may have been compromised to keep them supported and help them manage any risks.
"We will reach out to them at the earliest opportunity once we identify which files relevant to them were illegally accessed,"
The company says it has suspended its use of Accellion's FTA.
The compromise at Accellion has had the sort of ripple effect seen in the earlier Blackbaud breach, in which customers of a vendor's customers have seen personally identifiable information exposed. In the case of Accellion, the effects have been felt not just in Washington State, but as far away as New Zealand and as close as Colorado.
Fear of future identity theft and standing to sue.
JD Supra reports that the US Eleventh Circuit has found, ruling in Tsao v. Captiva MVP Restaurant, that fear of future identity theft doesn't by itself meet the standard of “certainly impending” or a “substantial risk” that the US Supreme Court has established in such cases. The Circuit Courts are, in general, split on the issue of Article III standing in cases involving possible identity theft. As JD Supra notes, the issue is likely to go unsettled until it's taken up by the US Supreme Court. "Overall, the Eleventh Circuit’s ruling in Tsao is welcome news for data breach defendants, particularly retail breach defendants. But it is not likely to be the last word on the issue of whether fear of future identity theft is sufficient to establish federal standing."