May 27 (UPI) — New York City’s Metropolitan Opera, the largest opera house in the world, is facing a class action lawsuit after a data breach allegedly compromised the personal information for 45,000 employees and patrons.
The lawsuit, led by chief plaintiff and former employee Anthony Viti, was filed in Manhattan Supreme Court and claims that information accessed by hackers included his Social Security number, driver’s license number and date of birth — as well as financial information.
The data breach was first revealed by The New York Times in December, which had reported that the company’s website and box office were out of commission for more than 30 hours.
“As it turns out, the cybercriminals not only disrupted The Met’s website and box office but also entailed the Data Breach, an exfiltration of sensitive data,” the lawsuit, obtained by UPI, reads.
The Met ordered a third-party forensic investigation after the breach which determined that cybercriminals stole personally identifiable information during a two-month span from September through December.
“The Met failed to detect an intruder with access to and possession of The Met’s current/former employees’ and consumers’ data,” the lawsuit reads.
“It took a complete shutdown of The Met’s website and box office for The Met to finally detect the presence of the intruder.”
Viti said The Met’s response to the data breach has been “woefully insufficient” and alleged that the organization did not disclose to affected parties that their data had been compromised until May 3, nearly five months after the incident.
In reparations to victims of the breach, The Met has allegedly only offered 12 months of identity monitoring services despite the fears that such breaches can cause “ripples for many years, if not decades.”
Viti alleged that The Met also did not heed warnings from governmental entities that it could be a target for cyber-attacks and failed to install proper security measures that could have prevented the breach.
Stephanie Basta, the opera’s lawyer, wrote a letter to Maine Attorney General Aaron Frey on May 3 in which she revealed that 45,094 patrons and workers and former employees were compromised.