The employee-plaintiffs taking on Altice USA Inc., a cable television and communications provider, have filed an unopposed motion for preliminary approval of their settlement. If approved, it will compensate individuals for time spent dealing with fallout from the data breach, reimburse them for expenses incurred, offer them credit monitoring, and mandate that Altice bolster its cybersecurity practices.
The motion explains that the data breach giving rise to the suit occurred in November 2019, when an unauthorized third-party accessed certain employees’ email account credentials through a phishing attack. Allegedly, the incident impacted almost 53,000 current and former Altice employees.
Specifically, inboxes of victims were compromised and “within one of the compromised mailboxes was a password-protected file that contained the names, employment information, dates of birth, Social Security numbers, and in some instances, driver’s license numbers of current employees and some former employees of Altice,” the filing explains.
In March 2021, the court ruled on Altice’s motion to dismiss, partly granting and partly denying it. Judge Jesse M. Furman dismissed the plaintiffs’ claims for violation of New York Labor Law and negligence per se, but denied Altice’s motion as to standing, breach of implied contract, and injunctive relief.
The next month, Judge Furman denied Altice’s motion to compel arbitration. Altice appealed to the Second Circuit, but subsequently withdrew the appeal pursuant to a joint agreement. In July 2021, settlement discussions began and, after several months of “continued back-and-forth,” they culminated in the instant agreement.
Now, the plaintiffs contend that the settlement provides meaningful relief to class members, including three years of the identity theft protection and credit monitoring, cash payments for reimbursement of out-of-pocket expenses due to the data breach or time spent responding thereto, and injunctive relief improving Altice’s security and cyber resilience. For example, Altice will submit itself to yearly penetration testing, provide anti-phishing training, and maintain a company-wide encryption protocol to ensure that all personally identifying information is secure.
The filing claims that the settlement meets the factors outlined by Second Circuit precedent and “falls within the range of possible final judicial approval.”