By Michael Loney

April 20 - (The Insurer) - U.S. insurance broker Lockton has had class action litigation brought against it following a data breach last November.

Eleven suits were filed in the Western District of Missouri at the end of March and in early April against Southeast Series of Lockton Companies alleging that the broker’s inadequate and unlawful data security caused the personal information of individuals to be accessed and obtained by cyber criminals.

A Lockton spokesperson said in a statement provided to The Insurer: “In Late November 2024, Lockton discovered suspicious activity on a single Lockton user’s computer. This incident was contained within a few hours and did not affect our operations or ability to serve clients. Additionally, this was not a ransomware attack.”

They added: “After Lockton contained this incident, we engaged third-party cyber experts to assist with an investigation and an analysis of all potentially affected data. We have already notified the small group of clients that we determined were affected and are supporting them with next steps.”

The complaints argue that the data Lockton collected from the plaintiff and class members, and which was exfiltrated by cybercriminals, was highly sensitive.

For example, one of the complaints, Johnson vs. Southeast Series of Lockton Companies, said: “The exfiltrated data included personal identifying information … and personal health information … including, but not limited to, names and Social Security numbers, dates of birth, and medical insurance information.”

The plaintiff in that case seeks remedies including compensatory damages, treble damages, punitive damages, reimbursement of out-of-pocket costs, and injunctive relief, including improvements to Lockton’s data security systems, future annual audits and the appointment of an independent and qualified cyber auditor to monitor cyber hygiene.

The lawsuit included as an exhibit a letter Southeast Series of Lockton Companies sent the plaintiff on March 28 informing him of the cybersecurity incident, and stating it may have affected him because of the employee benefit services the broker provides to Dollar Tree’s group health and welfare benefit plan.

The Lockton spokesperson’s statement said: “We take cybersecurity seriously, and while this incident was minor and quickly contained, we have implemented additional measures to ensure the continued safety and integrity of our systems.

“Beyond that, we cannot comment specifically on pending litigation.”

Lockton is one of several insurance industry companies that have been hit by breaches recently.

For example, Cyber Risk Insurer reported earlier in April that Skyward Specialty had suffered a data breach that led to documents appearing on the dark web.