Oklahoma Department of Securities accused of negligence in class-action lawsuit
The personal data that was exposed "included more than 30 years of files, dating back to at least 1986, containing information such as plain text passwords, system credentials, Social Security numbers, financial account numbers, and personal identifying information such as gender, height, weight, hair color, eye color, date of birth and state and county of birth," the lawsuit states.
The personal data was exposed over the internet for at least 13 days before the breach was detected by an outside cybersecurity research firm which notified the department, according to the lawsuit.
Larson and Mims said the department took about five months to notify them of the data breach, which increased their risk of becoming victims of identity theft.
Mims "has had multiple fraudulent inquiries and at least (one) fraudulent credit line opened in his name, and has spent hours of his time vigilantly reviewing his credit reports and contesting fraudulent activity," the lawsuit states.
The Department of Securities offered victims 12 months of identity theft monitoring, but the lawsuit claims that is inadequate because the fraudulent use of information obtained through data breaches often continues for years.
The lawsuit seeks unspecified monetary damages and injunctive relief.
window.fbAsyncInit = function() {
FB.init({
appId : '211740625534903',
autoLogAppEvents : true,
autoLogAppEvents : true,
xfbml : true,
version : 'v3.3'
});
};
(function(d, s, id){
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) { return; }
js = d.createElement(s); js.id = id;
js.src = "https://connect.facebook.net/en_US/all.js";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));
Gloss