MUNCIE, Ind. — A Muncie business is facing two federal class action lawsuits over a data breach.
The lawsuits against Accutech Systems Corp., obtained by 13News, were filed in California and Indiana. They claim a data breach August 2021 exposed personal and financial information for nearly 40,000 people.
The information allegedly exposed includes: full names, Social Security numbers, dates of birth, financial account information, payment card numbers, and account access information. Those affected used the company's banking and financial software.
One of the lawsuits claims hackers got in through an employee's email account. Those filing the suits allege Accutech waited months to notify affected customers of the breach.
13News reached out to Accutech Systems Corp for a statement on the data breach and/or the class action lawsuits and is waiting on a response.
FBI warns against not reporting cyberattacks
The FBI is urging Indiana businesses to report cybercrimes instead of handling attacks internally. Ten percent of the bureau's Indianapolis field office is dedicated solely to cracking down on cybersecurity issues.
“It's a little bit of a silent threat that goes under the radar, but still has great potential to impact our national security and our economy,” said Special Agent in Charge Herbert Stapleton.
Stapleton said the bureau doesn’t know how many businesses, schools and organizations don’t report these crimes, but they know it’s happening and allows hackers to operate with impunity.
Hesitancy is mostly due to two main concerns – fear of publicity and getting in trouble. Stapleton said the bureau has strict rules to protect victims and keep cases under wraps. Not reporting sometimes still results in publicity, as agents report sometimes learning of a breach in news reports."
To groups worried about getting in trouble, Stapleton said that's not an agent's goal or focus.
"What we want to find out is, 'Who did this? Why? How and how can we protect the next incident from happening?'” he said. “That's what's really critical. That's what goes back to the 'cybersecurity is national security' kind of idea.”
Notifying the FBI increases chances a hacker can be tracked down and prosecuted even if they’re abroad. The law enforcement agency said it has international offices in 70 countries.
Reporting an attack quickly can also help businesses better protect time and money. For example, in a ransomware attack, sometimes agents can decrypt blocked information, so the business doesn't lose anything. Occasionally, agents can even get ransom money back by communicating with banks, but they have to be notified within 72 hours to utilize the Financial Fraud Kill Chain program.
To report a crime, groups and individuals can either call their local field office or file a complaint on the Internet Crime Complaint Center website.
Stapleton said many hackers try to operate in countries that won’t cooperate with the United States including Russia, Iran, North Korea to name a few. However, he says cyber criminals operate all over the globe.
Currently, most attacks are the result of phishing emails and known vulnerable spots in a system that a business hasn’t gotten around to fixing.