A former Macmillan employee has filed a potential class action lawsuit against the publisher over a data breach stemming from a 2022 cyberattack. The complaint, filed on February 13 in federal court in New York by Victoria Batchelor (who left the company some six years ago according to the filing), claims that the company’s negligence exposed employees’ sensitive personal information to hackers.

“On information and belief, Defendant failed to adequately train its employees on reasonable cybersecurity protocols or implement reasonable security measures,” the complaint states, adding that the company has since “done little” to remedy the situation with those whose personal information was exposed. “True, Defendant has offered concessions of credit monitoring and identity services to Plaintiff and the Class. But upon information and belief, such services do not properly compensate Plaintiff and Class Members for the injuries that Defendant inflicted upon them.”

In the filing, Batchelor claims she has “suffered multiple concrete injuries” stemming from the breach, including “multiple unauthorized withdrawals” from her bank account; an unauthorized attempt to purchase “an $800 iPad” using her financial information; an "increasing flood of spam texts and phone calls" since the breach; and “anxiety, sleep disruption, stress, fear, and frustration.”

According to the suit, the cyberattack began on June 16, 2022, and lasted for nine more days—just prior to a widely reported cyberattack that would end up paralyzing Macmillan’s operations for days. In all, the filing says “19,178 persons,” including “current and former employees,” had their personal information compromised in the breach, but were not formally notified of their exposure until December 1, 2022.

“Such injuries go far beyond allegations of mere worry or inconvenience,” lawyers argue. “Rather, Plaintiff’s injuries are precisely the type of injuries that the law contemplates and addresses.”

Among the remedies sought, the suit asks for damages and restitution.