The lawsuits allege that a data breach in August 2021 exposed personal and financial information for nearly 40,000 people.
MUNCIE, Ind. – A Muncie business is facing two federal lawsuits over a data breach.
The lawsuits against Accutech Systems Corp., obtained by 13News, were filed in California and Indiana. They claim that a data breach in August 2021 exposed the personal and financial information of nearly 40,000 people.
Information allegedly exposed includes: full names, social security numbers, dates of birth, financial account information, payment card numbers, and account access information. Those affected used the company’s banking and financial software.
One of the lawsuits alleges that hackers gained access through an employee’s email account. Those filing the lawsuits allege Accutech waited months to notify affected customers of the breach.
13News reached out to Accutech Systems Corp for a statement on the data breach and/or class action lawsuits and is awaiting a response.
FBI warns against reporting cyber attacks
The FBI is asking Indiana businesses to report cybercrimes instead of handling attacks domestically. Ten percent of the Bureau’s field office in Indianapolis is dedicated solely to tackling cybersecurity issues.
“It’s a bit of a silent threat that flies under the radar, but it still has great potential to affect our national security and our economy,” said Special Agent in Charge Herbert Stapleton.
Stapleton said the bureau doesn’t know how many businesses, schools and organizations don’t report these crimes, but they know it’s happening and allows hackers to operate with impunity.
The reluctance is mainly due to two main concerns – fear of publicity and getting into trouble. Stapleton said the bureau has strict rules to protect victims and keep cases confidential. Failure to report sometimes still results in publicity, as agents sometimes report learning of a breach in news reports.”
To groups worried about getting into trouble, Stapleton told them that’s not an agent’s goal or focus.
“What we want to find out is, ‘Who did this? Why? How can we prevent the next incident from happening?'” he said. “That’s what’s really critical. That’s what goes back to the ‘cybersecurity is national security’ kind of idea.”
The FBI’s announcement increases the chances that a hacker will be tracked down and prosecuted even if they are out of the country. The law enforcement agency said it has international offices in 70 countries.
Quickly reporting an attack can also help businesses better protect time and money. For example, in a ransomware attack, agents can sometimes decrypt the blocked information so that the business does not lose anything. Occasionally, agents can also collect ransom money by communicating with banks, but they must be notified within 72 hours to use the Financial Fraud Kill Chain program.
To report a crime, groups and individuals can call their local office or submit a complaint on the Internet Crime Complaint Center website.
Stapleton said many hackers try to operate in countries that will not cooperate with the United States, including Russia, Iran, North Korea to name a few. However, he says cybercriminals operate across the globe.
Currently, most attacks are the result of phishing emails and known vulnerabilities in a system that a business has failed to patch.