2 min read

TRC Staffing Hit with Two Class Actions Over Data Breach

The trend continues

Atlanta based TRC Staffing Services, Inc., d/b/a TRC Talent Solutions, has been hit with two competing class actions (copies attached below) arising out of a March 2024 ransomware attack. The pattern is becoming familiar. Following a cyber event, a company provides the required notices to regulators and individuals whose personal information may have been compromised. Enterprising plaintiffs' lawyers then find a single individual who they can use as a class representative in a class action lawsuit, and race to the courthouse to file the lawsuit.

As previously reported by Staffing Legal News, this is the new frontier of data breach class actions:

Staffing Agency TalentLaunch Named in Data Breach Class Action
Staffing agency TalentLaunch, LLC has been named in a class action (copy attached) filed in the U.S. District Court for the Northern District of Ohio. The lawsuit is part of the newly emerging legal industry of data breach class actions.

The main issue that is being litigated in these cases is whether the class members can recover damages without proof that the compromise of their personal information caused any actual harm. Unfortunately, the trend is not favorable. As reported by attorney Gerald L. Maatman, Jr. at Duane Morris:

[W]hereas data breach actions pursued a decade ago faced little prospect of success, recent court decisions provided a roadmap for plaintiffs to attempt to show standing and successfully plead duty, causation, and damages, thereby providing additional momentum for the plaintiffs’ class action bar.

Staffing firms are particularly vulnerable to cybersecurity class actions because of their large stores of personal information. The starting point for reducing your exposure is an intentional focus on data security, including training of personnel. In addition to reducing the risk of an intrusion, if there is an event and lawsuit, the value of the case will be reduced if you are able to demonstrate that your firm invested in industry standard cybersecurity measures.