Delayed Data Breach Disclosure Spawns Big Class Action

On or about March 12, the well-named cybercrime gang Money Message struck PharMerica, a pharmacy company that services more than 3,100 long-term care and other pharmacy programs. The gangsters had unfettered access to the company’s data for at least two days, maybe more, after which another delay ensued that may prove to be even more costly; PharMerica didn’t reveal who “had their most sensitive personal information accessed, exfiltrated and stolen” until at least May, according to a class action lawsuit that has been filed on behalf of the approximately 5.8 million victimized consumers. “Defendant’s failure to timely detect and report the Data Breach made its consumers vulnerable to identify theft without any warnings to monitor their financial accounts or credit reports to prevent unauthorized use of their PII,” according to the filing.