Staffing Agency TalentLaunch Named in Data Breach Class Action

Staffing agency TalentLaunch, LLC has been named in a data breach class action (copy attached) filed in the U.S. District Court for the Northern District of Ohio. The company's website describes TalentLaunch as "a nationwide network of independently operated staffing and recruitment firms under common ownership." The firm was named to SIA's list of staffing firms with over $100 million in revenue in 2019.

The lawsuit alleges that in 2023 "at least 120,000 Class Members had their most sensitive personal information accessed, exfiltrated, and stolen..." in a cybersecurity incident that was reported to the state attorney general and class members on March 1, 2024.

The lawsuit is part of the newly emerging legal industry of data breach class actions. The legal theories underlying these cases, and the remedies available to the class members, are all largely untested. These cases typically allege that the companies suffering the breach were at fault for not maintaining adequate data security measures, even though the most sophisticated defenses are not always enough to foil the actions of cyber criminals. This allegations in this case are typical:

Plaintiff and members of the proposed Class are victims of Defendant’s negligence and inadequate cyber security measures. Specifically, Plaintiff and members of the proposed Class trusted Defendant with their PII. But Defendant betrayed that trust. Defendant failed to properly use up-to-date security practices to prevent the Data Breach.

As for the available remedies, in most of these cases the class members can point to no actual harm, and this creates a problem for their lawyers looking to cash in (I assure you they are not doing this as a public service). Hence, the lawsuits usually contain fuzzy damage allegations like these examples from the instant case:

a. The loss of the opportunity to control how their PII is used;
b. The diminution in value of their PII;
c. The compromise and continuing publication of their PII;

The lawsuit also takes issue with the alleged late reporting of the incident by TalentLaunch. Many, if not most, states have laws requiring prompt reporting of data breaches to both the state authorities and the individuals whose data was compromised.

It is going to take the courts years to evaluate the validity of these claims and the legal remedies available, if any. This is likely to happen on a state-by-state basis, leading to a variety of answers across the United States. The only thing that can be said for sure is that if your firm suffers a data breach, you are increasingly likely to receive a lawsuit. In the meantime, you can reduce risk by doing your best to implement a robust data security program, which includes ongoing employee training on avoiding phishing emails. You can also ask you insurance agent if insurance is available, although you can be sure that rates are on rise.