Costa Mesa, California, U.S.A.-based restaurant chain King’s Seafood will pay up to USD 350,000 (EUR 358,000) in a class action settlement over a data breach.
U.S. District Judge Cormac J. Carney of the U.S. District Court for the Central District of California said King's Seafood must pay up to USD 3,000 (EUR 3,072) per class-member for monetary loss arising directly from documented identity theft “that is fairly traceable to the data breach.”
King’s Seafood must pay up to USD 450 (EUR 461) per class-member for expenses, fees, and lost time incurred as a direct result of the data breach. The company will also provide class-members with two years of free identity-theft protection and monitoring services.
King’s total monetary payment obligation is not to exceed USD 350,000, Carney ruled.
The operator of 12 restaurants was the victim of a cyberattack that started in June 2021, in which the hacker was able to obtain personal identifiable information, such as driver’s license numbers and credit card data, of employees and customers, according to a letter King’s Seafood sent to customers.
Former employee Jonathan Bowdle filed the class-action complaint in October 2021, citing King’s “failure to properly secure and safeguard personally identifiable information of its customers and employees, without limitation, names, driver’s license information, payment card information, medical cards, telephone numbers, and partially redacted Social Security number.”
The restaurant chain failed to provide timely, accurate, and adequate notice to Bowdle and other affected employees and customers of “precisely what type of information was unencrypted and is now in the possession of unknown third parties.”
The final approval hearing for the settlement is scheduled for 13 February, 2023.
