Dec 23, 2024

Morley Companies Inc. Agrees to $4.3M Class Action Settlement

by Nadia El-Yaouti | Dec 27, 2022
A hand wearing a black glove on a laptop keyboard, with a screen displaying the word "RANSOMWARE" in bold letters against a red background. Photo Source: Hacker breaches data (Zephyr_p/Shutterstock)

Morley Companies Inc. has agreed to a $4.3 million payment to settle a class-action lawsuit following a data breach that compromised sensitive information from its clients and customers.

The Michigan-based company operates by providing business process outsourcing to its contracted companies. Many industries including the health sector receive services from Morley Companies Inc. including customer help desk, sales, and marketing support, meetings, and other services.

As part of its business dealings, the company collects sensitive information from both clients and customers including names, Social Security numbers, addresses, dates of birth, driver's license information, and information pertaining to their medical and health background.

On August 1, 2021, Morley discovered that ransomware-type malware restricted them from accessing some data. The company has not disclosed exactly how the attack took place and how threat actors were able to breach its cyber security defenses.

Despite discovering the breach in August 2021, the company took nearly five months to report the attack. When they did notify the public, about 700,000 individuals received letters alerting them that their data was potentially compromised in the breach.

As a result of the attack and the delayed notification, the company was the subject of at least 15 lawsuits from individuals whose information was compromised. These lawsuits deemed that Morley was negligent in its cybersecurity practices.

Despite agreeing to the $4.3 million-dollar settlement, the company has denied any wrongdoing. Still, it agreed to the settlement to avoid the growing cost of ongoing litigation according to company executives.

As part of the settlement, class members may be able to recover reimbursements of up to $2,500 of documented out-of-pocket expenses that resulted from the data breach. Such out-of-pocket expenses can include the following:

  • Losses related to fraud or identity theft
  • Personal fees that were paid out to attorneys and credit reporting agencies
  • Personal fees paid out for credit monitoring services from August 1st, 2021
  • Losses related to freezing and unfreezing credit
  • Other losses associated with the data breach

The settlement will also allow eligible class members to receive three years of credit monitoring and enroll in a credit monitoring service. As part of the settlement, if any additional funds remain after reimbursement of an additional cost, eligible class members may receive extended credit monitoring.

This tentative settlement agreement will be the largest healthcare data breach settlement in December 2022, but not the first of its kind in recent months. The final hearing that will approve the settlement is set for April 2023.

Share This Article

If you found this article insightful, consider sharing it with your network.

Nadia El-Yaouti
Nadia El-Yaouti
Nadia El-Yaouti is a postgraduate from James Madison University, where she studied English and Education. Residing in Central Virginia with her husband and two young daughters, she balances her workaholic tendencies with a passion for travel, exploring the world with her family.

Related Articles

Hands typing on a backlit keyboard, representing cybersecurity and potential data breach scenarios.
CareSource Faces Multiple Lawsuits After Cybersecurity Data Breach

A data breach that targeted an Ohio-based insurance company has prompted multiple lawsuits including a class action lawsuit filed by victims who lost sensitive personal information following the data breach. One class action suit is seeking more than $9.9 million in damages. CareSource, the administrator of one of the nation’s... Read More »

A dermatologist examining a patient's hand with a medical light.
Forefront Dermatology to Pay Nearly $4 Million Following 2021 Data Breach

Wisconsin-based healthcare operator Forefront Dermatology has agreed to a $3.75 million settlement to end a class action lawsuit over a 2021 data breach. The organization operates a number of dermatology offices across the U.S. In 2021 a known ransomware group was able to exploit vulnerabilities within Forefront Dermatology’s network and... Read More »

A close-up of hands typing on a laptop keyboard with green code displayed on the screen, illustrating themes of cybersecurity and data breaches.
Massachusetts-Based Company Faces Multiple Lawsuits After Data Breach

A Massachusetts-based company that specializes in background checks is at the center of four lawsuits. The lawsuit accused the company, Creative Services, Inc., of negligently failing to protect the private information of its clients. The company, which is located in Mansfield, Massachusetts, offered services to employers, universities, and government agencies... Read More »