HR data security is growing in importance with every passing year of moving more data online, and the Golden Corral lawsuit is an unfortunate example of what happens when we don’t have sufficient protection in place. The Golden Corral data breach incident reportedly occurred in August last year, as a result of which approximately 183,272 individuals had their personal data accessed by an unauthorized source. Instead of notifying the affected employees and personnel immediately, the company waited until February 2024 to send out a notice preventing these individuals from taking any actions and precautions in response to the data breach. The Golden Corral cyberattack is a terrifying example of how much data can be mined from a single source, with employers being a prime target considering the vast stores of employee and client data they hold in one place, often with minimal security.
Image: Pexels
Understanding the Golden Corral Lawsuit
The class action lawsuit against the buffet-style chain was filed by a former employee who was among those affected by the Golden Corral data breach. The lawsuit was filed in the eastern district of North Carolina and stated that it was a result of the defendant’s failure to protect the plaintiff and class members’ personally identifiable information that was stored by them. The lawsuit alleges that cyberattacks were something the company knew it was vulnerable to, but it did little to protect its records from outside threats. Worse still was their negligence in informing affected individuals that the breach had occurred.
When Did the Golden Corral Data Breach Occur?
According to the class action lawsuit, the company became aware of the cyberattack around August 15, 2023, when they experienced a disruption in their operations and realized that unauthorized actors had gained access to their data sometime between August 11 and 15. In response to the Golden Corral data breach, they reportedly conducted their own investigation to understand what information was accessed and finally reached out to affected employees with painfully sparse compensation for the news they were bringing.
The company remained vague about how the data breach occurred, exactly how it confronted the threat, and what it did in the six months since learning of the threat. These gaps in the information only served to upset the affected individuals further as there was no clarity on any aspect of the matter available to them.
What Are the Consequences of the Golden Corral Cyber Attack?
The details of the Golden Corral lawsuit indicate that the company offered a twenty-four-month subscription to the Experian identity theft monitoring systems to help them track where their affected data turns up. The credit monitoring and identity restoration service appeared to be quite insubstantial in the face of the matter, with the court filings stating that the two-year subscription would not cover the years of identity theft that victims could face. The compromised data includes personal information such as the full names of the victims and their Social Security numbers, which could be misused in a plethora of ways.
The document also recounts that the company places the burden of monitoring and reporting where the data turns up to protect themselves rather than take any action to handle the proceedings themselves. Not only will the current and former employees affected by the break have to deal with the threat of a potential data breach, but they will also likely incur significant expenses in trying to deal with the unauthorized use of their data. The consequences of such a breach are truly far-reaching.
Prioritizing HR Data Security
The last time we heard of an HR incident that compromised employee records on such a scale was the Kronos data breach in 2021 which affected more than 8,000 institutions. To settle a class action lawsuit that occurred following the Kronos data breach, Ultimate Kronos Group or UKG had to pay $6 million USD in settlement fees. This likely doesn’t cover the full extent of the loss of business and resources the company experienced while trying to handle the repercussions of the cyberattack.
In more recent news, European HR and payroll management company SD Worx was targeted in a cyberattack in April last year which led them to shut down their services to isolate their systems and prevent any further damage from taking place. They later confirmed that it was not a ransomware attack and no data was compromised but the results could have been disastrous if sensitive data had been exposed in the attack.
The Golden Corral lawsuit is an unnerving example of how cyberattacks aren’t just targeted at large organizations with billion-dollar secrets—they can happen to any company at any time. From holding the data for ransom to misusing the data for further illegal activity, cybercriminals are often willing to test every boundary to see how best they can benefit themselves. It is up to every organization to use cybersecurity tools to protect HR data the best they can. If a company collects employee data as a part of its organizational records, then it becomes responsible for keeping it safe.
Even while working with third-party services that handle all the information, businesses should not get too comfortable with having paid someone to handle it. It is essential to embrace constant vigilance in ensuring these platforms are following through with the protection they promise the organization.