A former employee of TransPerfect Global Inc. has accused the translation-services company of negligence in handing over workers’ tax information to hackers in a data breach that occurred earlier this year.
An advocacy group backed by TransPerfect employees in a press statement Wednesday blamed the court-appointed custodian for the breach.
In a class action complaint filed last month, Jesse Sackin said the company lacked “the training, procedures and controls” to prevent the Jan. 17 attack, which exposed employees’ personal data, including names, Social Security numbers and direct deposit bank account information.
The breach threatened all current and former TransPerfect employees and placed those affected at higher risk of identity theft in the future, he said.
“TransPerfect negligently failed to take the necessary precautions required to safeguard and protect plaintiff’s and the other class members’ PII from unauthorized disclosure,” Sackin wrote in the complaint filed Feb. 27. “Defendant’s actions represent a flagrant disregard of plaintiff’s and the other class members’ rights, both as to privacy and property.”
For two years, TransPerfect co-owner and CEO Philip R. Shawe has been battling in Delaware state court to stop the forced sale of the profitable firm. His efforts fell short last month, when the state high court upheld Delaware Court of Chancery Chancellor Andre G. Bouchard’s controversial decision to appoint a custodian to oversee the sale by modified auction.
On Wednesday, Citizens for a Pro-Business Delaware Inc., an advocacy group backed by TransPerfect employees, blamed the sales process and custodian Robert B. Pincus for lapses in security that led to the breach. Pincus, a partner at Skadden, Arps, Slate, Meagher & Flom, has effectively exercised administrative control of the company since 2015.
“For over a year, TransPerfect employees have warned that this court-appointed custodian with unlimited power to interfere would threaten the livelihood of the company and its employees,” Chris Coffey, a Citizens spokesman who also runs the group’s lobbying operations in Dover, said in a press release.
“Now, in light of the worst data incident in the company’s history, we are finally seeing cold hard proof that the custodian and the court put profits for friends and cronies over the well-being of the company and the employees.”
Pincus and representatives from TransPerfect did not immediately respond to calls seeking comment on the suit.
Shawe also linked the breach directly to Pincus and the courts.
“This is what happens when a court assigns responsibility to people whom have no true vested interest or knowledge of the business. They don’t treat it as their own and bad consequences come as a result,” he said in a statement.
The complaint names only TransPerfect as a defendant and makes no reference to the Delaware litigation.
According to the complaint, filed in the U.S. District Court for the Southern District of New York, at least one TransPerfect employee responded to an online “phishing” scam by forwarding 2015 Form W-2 data for all current and former TransPerfect employees to unknown attackers.
Phishing refers to an attempt by hackers to obtain personally identifiable information using emails that appear to be sent from a trusted source. The method has been linked to several high-profile data breaches in recent years.
Sackin said that potentially “thousands” of employees were affected by the attack. According to the complaint, workers were notified of the breach a week after it occurred, and the company has said that it is currently investigating the matter.
Sackin has hired attorneys from Finkelstein, Blankinship, Frei-Pearson & Garber to represent the proposed class.
The case, captioned Sackin v. TransPerfect, has been assigned to U.S. District Judge Lorna G. Schofield of the Southern District of New York.