Breach Details and Allegations
The class action stems from two cyberattacks in 2023 that compromised names, Social Security numbers, dates of birth, addresses, phone numbers, and even financial details of employees and customers.
Plaintiffs accused Fortive of weak cybersecurity defenses, alleging that data was stored unencrypted in an internet-accessible environment and that the company failed to train employees or monitor third-party partners.
Even worse, plaintiffs said Fortive waited over 18 months to notify victims, and when it did, the company’s letters allegedly obscured the scale and nature of the breach.
Fortive Pushes Back
Fortive has denied wrongdoing, stressing that it takes data protection seriously but chose settlement to avoid the expense of drawn-out litigation.
Earlier in the case, the Everett, Washington-based firm argued that plaintiffs could not prove tangible harm. Victims, however, insisted they faced an ongoing risk of fraud and identity theft that forced them to monitor their finances and credit.
