A Massachusetts-based company that specializes in background checks is at the center of four lawsuits. The lawsuit accused the company, Creative Services, Inc., of negligently failing to protect the private information of its clients.

The company, which is located in Mansfield, Massachusetts, offered services to employers, universities, and government agencies across the nation. Among their services, CSI offered background checks, drug and alcohol testing, and security consultation. When clients needed to conduct background checks on employers or other individuals, they would send that individual's personal information to CSI. The wide scope of services offered by the company is what led them to obtain a database containing the sensitive information of thousands of individuals.

The company’s legal woes began on November 26th, 2021, after officials noticed unusual activity on CSI’s computer systems. As a result of the activity, they determined that there was a data breach through a cyber security attack. CSI detailed that an unauthorized party was able to access different files within the company's computer system. Among these files was sensitive information including names, dates of birth, driver's license numbers and Social Security numbers of individuals they had served. CSI shared in a letter detailing the cyber security attack that 164,673 people were impacted by the data breach. Three months after being made aware of the data breach, the company sent out letters to individuals who had their personal information compromised.

Local client Boston University sent out letters to students and employees who were impacted by the breach. Other clients also followed similar measures in which they sent out notices about the cyber attack that resulted in sensitive information being leaked.

Following the leak, CSI shared that it would be putting in place “enhanced security measures.” The company also offered impacted individuals credits including two years of free credit monitoring, identity theft restoration, and fraud consultation.

Despite these measures to reverse the impact felt by the breach, the four lawsuits accuse the security firm of failing to take proper precautions in order to secure sensitive data.

The first of the four lawsuits which were filed on March 3rd details that CSI “assumed legal and equitable duties to those individuals to protect and safeguard that information from authorized access and intrusion. Defendant's conduct in breaching his duties amounts to negligence and/or recklessness and violates federal and state statutes.”

The lawsuit along with the other three suits lay blame on the security firm for heightening the risk of fraud and identity theft of those individuals who had their data leaked. CSI has also been criticized for waiting too long before alerting those individuals impacted.

Each of the four lawsuits which were brought forward by individuals impacted is seeking to have a class action case established against the company.