Winn-Dixie Employee Settles Data Breach Row

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.law360.com/classaction/articles/430740/winn-dixie-employee-settles-data-breach-row-

Law360, New York (April 05, 2013, 7:31 PM ET) -- An employee purchase
program company enlisted by Winn-Dixie Stores Inc. agreed Friday to
pay some $430,000 to resolve a proposed class action by an employee of
the supermarket chain who claimed personal employee data submitted to
the program was breached.

In a settlement motion filed in Florida federal court, Purchasing
Power LLC agreed to pay the amount, which includes $225,000 for the
class members as well as $200,000 in attorneys' fees. The settlement
releases Purchasing Power and Winn-Dixie from claims by Winn-Dixie
employee Patrick Burrows, according to the motion.

Burrows' suit had claimed a Purchasing Power employee accessed the
Winn-Dixie employees' personal data that was submitted for the program
- including date of birth, salary and Social Security number. He
claimed also that companies knew of breach in October 2011 but did not
inform the victims of the breach until late January 2012. Purchasing
Power on Friday denied the claims and said it was entering the
settlement to avoid the burden of litigation.

"Purchasing Power denies the allegations of the third amended
complaint and believes the claims in the action are without merit,"
the company said in the motion. "Nevertheless, for the purpose of
avoiding the burden, expense, risk and uncertainty of continuing to
litigate the action, and for the purpose of putting to rest the
controversies engendered by the action, and without admission of any
liability or wrongdoing whatsoever, Purchasing Power decides to settle
the action."

In the complaint filed in July, Burrows had claimed the breach
occurred in an employee benefit program which involved giving
Purchasing Power certain personal information about the employees,
which allowed them to buy products using payroll reductions, according
to the settlement.

Burrows had claimed that the companies' delay in informing employees
about the brief had given the thief enough time to steal identities of
the Winn-Dixie employees and to file false tax returns before the
employees could act on it.

Burrows' suit had made claims for negligence, invasion of privacy and
violations of the Florida Deceptive and Unfair Trade Practices Act,
according to court documents.

U.S. District Judge Ursula Ungaro slashed some of those claims in
October, finding at the time that he had not sufficiently backed his
negligence and invasion of privacy claims, but preserving his claims
under the Florida Deceptive and Unfair Trade Practices Act.

Burrows is represented by John A. Yanchunis of Morgan & Morgan PA.

The defendants are represented by Carlton Fields PA and Clark Silverglate PA.

The case is Burrows v. Purchasing Power et al., case number
1:12-cv-22800, in the U.S. District Court for the Southern District of
Florida.

--Additional reporting by Gavin Broady and Sean McLernon.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.