tl;dr
A court has preliminarily approved a $2.3 million settlement for over 71,000 victims of a 2023 data breach at Sysco, a major food distributor. The breach exposed personal information including names, Social Security numbers, and payroll data. Victims may claim up to $5,000 for documented losses rela...
A court has preliminarily approved a $2.3 million settlement for over 71,000 victims affected by a 2023 data breach at Sysco, a major food distributor. The breach exposed sensitive personal information, including names, Social Security numbers, and payroll data.
The settlement offers up to $5,000 for documented losses related to identity theft, along with additional payments ranging from $100 to $599 to cover identity theft-related expenses. This compensation aims to assist victims in mitigating the financial impact caused by the breach.
The lawsuit, filed by Sysco truck driver Joseph Trottier, alleges that Sysco failed to take adequate and reasonable measures to protect personally identifiable information (PII). Specifically, the company is accused of not preventing unauthorized access, neglecting proper encryption protocols, and failing to follow required data protection policies.
Victims face a lifelong risk of identity theft due to the stolen unencrypted information potentially being sold on the Dark Web. Hackers who accessed the data may offer the unredacted PII to criminals, increasing the threat of identity misuse.
Sysco discovered the breach in March 2023 after detecting unauthorized access to their systems. Notification was sent to affected individuals around May 2023. The incident highlights critical challenges faced by companies in safeguarding personal data in today’s digital environment.