Convergent Outsourcing settles data breach suit for $2.45Mn
WASHINGTON, UNITED STATES — Debt collection agency Convergent Outsourcing agreed to a $2.45 million settlement over allegations that it failed to prevent a significant data breach in 2022.
The breach reportedly compromised the personal information of over 640,000 individuals, including Social Security numbers, financial account information, and other sensitive data.
The class action lawsuit accused Convergent of neglecting to implement reasonable cybersecurity measures that could have thwarted unauthorized access to consumer data.
Under the terms of the settlement, affected individuals, whom Convergent notified about the potential compromise of their data, are eligible for compensation.
Class members can claim up to $1,500 for ordinary losses related to the breach. These losses may include fraud or identity theft damages, credit monitoring expenses, bank fees, communication charges, travel expenses, and compensation for up to 10 hours of lost time at a rate of $30 per hour.
For those who suffered more severe consequences, the settlement provides for claims of up to $10,000 for extraordinary losses directly linked to the breach. This includes more significant identity theft damages, fraudulent charges, falsified tax returns, and other misuses of personal information.
Alternatively, claimants have the option to receive a pro-rata share of the remaining settlement fund. However, if the total settlement costs, attorney fees, expenses, service awards, and individual claims exceed the fund’s limit, those who opted for the pro-rata payment might not receive compensation.
The class action lawsuit is a stark reminder of the importance of strong cybersecurity measures and the potential consequences businesses face when consumer data is not protected.
Convergent Outsourcing was also involved in a legal case with Missouri-based bank UMB Financial after the debt collector abruptly withdrew its services.
Per UMB’s lawsuit, Convergent blamed the service failure on “unauthorized access” by a “threat actor” to their data centers and malware in certain IT systems. However, UMB alleged that Convergent failed to institute necessary safeguards to maintain service continuity during external system attacks.
