Worker sues over UPMC employee IRS data breach

  • Associated Press May 10, 2014

PITTSBURGH – A University of Pittsburgh Medical Center employee has sued the hospital network for credit restoration services and identity theft insurance in the wake of a data breach that has seen hackers use the personal information of hundreds of employees to file bogus federal income tax returns.

Alice Patrick, who works at UPMC-McKeesport hospital, filed her lawsuit against UPMC and Ultimate Software Group Inc., of Weston, Fla., Friday in U.S. District Court. UPMC isn’t commenting, but an executive with a Florida payroll processing firm is denying the company has anything to do with the data breach affecting as many as 27,000 UPMC employees.

Mitchell Dauerman, the company’s executive vice president, said he doesn’t believe UPMC or any of its subsidiaries are clients of Ultimate Software, and may have been sued by mistake.

The hospital confirmed the data breach may have compromised the personal information of 27,000 of its 62,000 employees – including nearly 800 who’ve had bogus tax returns filed using their personal information.

Patrick’s lawsuit is unusual because she’s not seeking monetary damages, but rather identity theft protection going forward, according to David Thaw, a professor of law an information sciences at the University of Pittsburgh.

Thaw told the Pittsburgh Tribune-Review, which first reported the lawsuit, this is the first major lawsuit he’s seen in which the plaintiff doesn’t seek monetary damages. Rather, Patrick and her attorneys – who are seeking class-action status on behalf of all similarly affected employees – want the defendants to pay for 25 years of credit and bank monitoring, identity theft insurance and services to help affected employees restore their good credit.

Credit monitoring services typically cost $10 or more per month, but multiplied by the thousands of employees potentially affected over 25 years would cost millions.

Thaw said it was unusual in his experience for a plaintiff to seek 25 years’ worth of credit monitoring. Most cases he’s reviewed call for such remedies to last from six months to five years.

Federal prosecutors and Internal Revenue Service agents in Pittsburgh are investigating the data breach. Nobody has been charged or named as a suspect so far.


blog comments powered by Disqus

Judge rules in favor of ski resort in road closure suit

Wolf: Deal to end 5-month budget stalemate in ‘deep peril’

17-year-old boy shot leaving home for school

Judge upholds Pennsylvania township’s pro-drilling ordinance

5 hurt, 1 critical, after car fleeing police hits another

Fight over who pays for public schools heads to state Senate floor

Cursive writing on decline in some school districts

Judge: Girl ‘active participant’ in mother’s killing

Jurors recess without verdict for ex-coal CEO

Woman accused of prostitution says she offered ‘free fun’