- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
- El papel del CIO en 2024: una retrospectiva del año en clave TI
- How control rooms help organizations and security management
- ITDM 2025 전망 | “효율경영 시대의 핵심 동력 ‘데이터 조직’··· 내년도 활약 무대 더 커진다” 쏘카 김상우 본부장
- 세일포인트 기고 | 2025년을 맞이하며… 머신 아이덴티티의 부상이 울리는 경종
Background Check Company Sued Over Data Breach
Four parallel data breach lawsuits have been filed against a 45-year-old background check services company based in Massachusetts.
Creative Services, Inc. (CSI), located in Mansfield, provides background screening, drug testing and security consulting services to employers, institutions and governments in the United States and overseas.
According to an official filing by the company, on November 26 2021, CSI detected suspicious activity on its computer systems. The company then learned that an unauthorized individual had gained access to the company’s network and may have copied certain files dating from November 2018 to November 2021.
By the end of January 2022, an investigation into the activity had revealed that personal identifying information (PII) belonging to CSI’s clients had been compromised in the security incident. Data impacted by the incident included names, dates of birth, financial account numbers, Social Security numbers and driver’s license numbers
In February 2022, CSI began mailing out data breach notification letters to individuals whose information was contained in the breached files. As many as 164,673 individuals may have been impacted by the breach.
“We take this incident and the security of personal information seriously,” said CSI in a notice of data privacy incident letter.
“While we have existing safeguards in place, as part of our ongoing commitment to the privacy of personal information in our care, we are working to implement enhanced security measures.”
CSI offered complimentary access to 24 months of credit monitoring, fraud consultation and identity theft restoration services to impacted individuals.
The company’s breach discovery came two months after CSI notified over a thousand individuals that their PII had been obtained by unauthorized persons in a separate data security incident.
Earlier this month, four lawsuits were filed, each attempting to establish a class-action case against CSI. The plaintiffs alleged that the company failed to effectively protect the PII of the people whose backgrounds it was hired to check.
In the most recently filed suit, plaintiff Santos Acosta of New York accuses CSI of “recklessly or negligently failing to implement and maintain adequate and reasonable measures to ensure that the PII was safeguarded.”
Acosta further claims that CSI failed to follow appropriate policies and procedures regarding the data encryption.