A former Quaker Window Products employee has filed a class action complaint after an unauthorized user accessed files on Quaker’s computer network.

According to a Notice of Data Security Incident Report filed by Quaker, the potentially affected information varied by individual but could include names, addresses and Social Security numbers. A data breach notification posted to the attorney general’s website says that around 11,000 individuals were affected by the event on Nov. 25, 2023. According to the notice, the company immediately initiated an investigation.

Quaker Windows and Doors (pictured) fell victim to a data breach in late 2023. A former employee now alleges the company failed to safeguard employee information.

Following the data breach, a class action complaint was filed by Kylie Noakes on Jan. 18, 2024, in the U.S. District Court for the Western District of Missouri. Noakes accuses the company of failing “to properly secure and safeguard plaintiff’s and other similarly situated employees’ and customers’ sensitive information.”

The complaint alleges Quaker “failed to adequately protect plaintiff’s and class members’ [personally identifiable information (PII)]––and failed even to encrypt or redact this highly sensitive information.” She alleges that because of the data breach, she and “all others similarly situated” have suffered an “invasion of privacy; theft of PII; lost or diminished value of PII; lost time and opportunity costs associated with attempting to mitigate the actual consequences of the data breach; loss of benefit of the bargain; lost opportunity costs associated with attempting to mitigate the actual consequences of the data breach; and the continued and certainly increased risk to their PII.”

Her representation also alleges that the information that was initially compromised “remains unencrypted and available for unauthorized third parties to access and abuse” and “remains backed up in Quaker’s possession and is subject to further unauthorized disclosures so long as Quaker fails to undertake appropriate and adequate measures to protect the PII” as outlined by the Federal Trade Commission.

However, Quaker argues that it immediately engaged cybersecurity experts to assist with the process. Legal documents indicate that by Dec. 22, 2023, the company had identified those whose data had been compromised and “took steps to obtain addresses for those individuals whose information was involved,” including contacting them by letter starting December 29.

“Quaker takes data security seriously,” says Bill Sifflard, Quaker’s chief marketing officer. “Upon learning of the network security incident, Quaker acted promptly to minimize any disruption to our operations while investigating and mitigating the effects. During the investigation, Quaker took prompt action to notify anyone potentially affected by the incident and offered them free access to credit monitoring and identity protection services out of caution. Due to pending class action litigation, Quaker has no further comment to provide at this time.”

Ultimately, the lawsuit alleges negligence, negligence per se, breach of implied contract, and unjust enrichment. Noakes and her representation ask for a jury trial to settle the matter.

Leave a Reply

Your email address will not be published. Required fields are marked *