Professional Finance Company Settles Class Action Data Breach Lawsuit for $2.5 Million
Professional Finance Company, one of the leading debt collection agencies in the United States, has agreed to settle a class action lawsuit that alleged negligence for failing to implement reasonable and appropriate measures to protect the sensitive data provided by its healthcare clients. The Greeley, CO-based company suffered a ransomware attack on February 26, 2022. The attack was blocked but not in time to prevent unauthorized access to sensitive data.
The internal investigation confirmed that 657 of its healthcare provider clients were affected. Data exposed in the incident included names, addresses, accounts receivable balances, information regarding payments made to accounts, and, for some individuals, birth dates, Social Security numbers, health insurance information, and medical treatment information. The affected clients were notified about the breach on May 5, 2022, and the breach was reported to the HHS’ Office for Civil Rights as affecting 1,918,941 individuals, although some affected clients chose to report the breach separately.
Several lawsuits were filed in response to the data breach and were combined into a single action – Rodriguez v. Professional Finance Co. Inc.– in the U.S. District Court for the District of Colorado. The lawsuit asserted claims of negligence, breach of implied contract, breach of third-party beneficiary contract, unjust enrichment, invasion of privacy, and violations of the Colorado Consumer Protection Act, Arizona Consumer Fraud Act, California Customer Records Act, California Unfair Competition Law, California Consumer Privacy Act, Nevada Consumer Fraud Act.
Professional Finance Company denies all claims asserted in the lawsuit and any wrongdoing or liability; however, a settlement was agreed to bring the litigation to an end. Under the terms of the settlement, all class members are entitled to submit a claim for up to $500 for reimbursement of losses and expenses incurred as a result of the data breach, including credit expenses, bank charges, and unreimbursed losses due to identity theft and fraud.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Class members who were California residents at the time of the data breach are also entitled to a cash payment of $50, and all class members can receive 24 months of complimentary identity monitoring services. The proposed settlement has received preliminary approval from the court and the final approval hearing has been scheduled for April 17, 2025. All claims must be submitted by February 12, 2025. Further information can be found on the settlement website – https://professionalfinancesettlement.com/
