Trade Law Daily is a Warren News publication.
'Significant Time'

Philadephia Inquirer's Data Breach Notice Had 3 Pages on Mitigation Steps: Class Action

The Philadelphia Inquirer’s April 29 notice letter about a May 2023 data breach includes three pages devoted to steps victims can take to help protect their personally identifiable information (PII), said a class action (docket 2:24-cv-02106) Thursday in U.S. District Court for Eastern Philadelphia. Steps included enrolling in credit monitoring services the defendant is offering victims, it said.

Sign up for a free preview to unlock the rest of this article

Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.

The newspaper's “extensive suggestion of steps" plaintiff and class members should take to protect themselves from identity theft and fraud demonstrates the “significant time" that former employee Sheree Mosley, a Brookhaven, Pennsylvania, resident, and class members must undertake in response to the data breach, said the complaint.

The letter Mosley received from the Inquirer said her PII was “improperly accessed and obtained by unauthorized third parties, including her full name, and Social Security number.” Mosley’s resulting injuries include invasion of privacy; theft of her PII; lost or diminished value of her PII; and lost time and opportunity costs associated with attempting to mitigate the consequences of the breach. Her PII remains “unencrypted and available for unauthorized third parties to access and abuse” and still in the Inquirer’s possession, where it’s “subject to further unauthorized disclosures” as long as the defendant “fails to undertake appropriate and adequate measures to protect" it, the complaint alleged.

Mosley also suffered actual injury in the form of an increase in spam calls, texts, and emails, likely caused by the breach, said the complaint. The breach has caused her to feel “fear, anxiety, and stress,” compounded by the lack of information the Inquirer has provided about key details of the breach, it said. She expects to spend “considerable time and money on an ongoing basis to try to mitigate and address harms caused,” it said.

Mosley claims negligence and negligence per se, breach of implied contract and unjust enrichment. She seeks for herself and the class equitable relief from the Inquirer’s wrongful conduct alleged; an order requiring it to encrypt all data collected through the course of its business in accordance with industry standards and federal, state, or local laws; and an order requiring the newspaper to implement a comprehensive information security program.

The plaintiff also seeks an award of damages, including actual, statutory, nominal, and consequential damages; attorneys’ fees and costs; and prejudgment interest. The Inquirer didn't comment Friday.