Two former employees of a global paper products business based in Purchase have sued the company for allegedly failing to protect their personal information from hackers.
Alexis Romero, of Bayshore, Suffolk County, and Samantha Campbell, of Tarpon Springs, Florida, accused Central National Gottesman Inc. of negligence, in separate class action complaints filed on April 6 in U.S. District Court in White Plains.
“There has been no acknowledgement yet by defendant that the data breach occurred,” both complaints state, “nor any assurances that defendant is taking steps to protect the private information going forward.”
Central National Gottesman is a fifth generation family business founded in 1886. It sells products such as paper stock for books and catalogs, newsprint, towels, diapers, cleaning tissue, packaging, paper pulp, and cans. It employs more than 4,200 people in 29 offices worldwide.
On March 2, a notorious ransomware group, Payoutsking, or Payouts King, claimed responsibility for a data breach that gained access to the names, Social Security numbers, dates of birth, addresses and  contact information of current and former employes.
Such personal information is a “gold mine for data thieves,” the complaints state. Hackers typically sell the stolen information on “dark market” online platforms where crooks anonymously buy illicit goods.
Then thieves use the personal information to drain bank accounts, open new financial accounts, take out loans, run up credit card charges, obtain medical services, apply for governmental benefits, file fraudulent tax returns, and conceal their true identity during arrests.
Since the data breach, Romero and Campbell claim, they have received more spam calls, text messages and emails, “evidencing misuse of (their) private information.”
They argue that Central National Gottesman should have known the inherent risks of collecting personal information from employees, yet failed to properly secure and safeguard the information.
It should have used an intrusion detection system to monitor attempted hacks and recognize breaches as soon as they occur, according to the complaints, to quickly notify employes and law enforcement and to mitigate the damages.
The lawsuits were filed on behalf of all individuals nationwide whose personal information was taken from Central National Gottesman.
Campbell and Romero are demanding at least $5 million in damages and lifetime credit monitoring and identity theft insurance for everyone whose private and personal information was exposed in the data breach.
Central National Gottesman did not reply to a request for comment that was submitted through its website.
