Standing Strong: Counsel Financial is fully operational & here to assist you with your financing needs.

Learn More

Employees File Class Suit over Disclosure of Personal Data to Online Hackers

Elizabeth DiNardo, Esq. | Associate Counsel


On April 2, 2018, Driveline Retail Merchandising Inc. (“Driveline”) was sued in Illinois federal court in connection with a proposed class action, alleging that the company disclosed employees’ personal and tax information to identity thieves in a well-known email phishing scheme.

 Named plaintiff, Shirley Lavender, alleges in the complaint that on February 14, 2017, the company notified Driveline employees that personal and tax information found on their 2016 W-2 forms had been compromised in a data breach. However, employees later discovered that instead of being the victim of a cyber attack and subsequent data breach, the defendant had actually voluntarily disclosed employee information to identity thieves through a notorious email scam. 

Driveline is a retail merchandising service company, which sets up product displays and shelves products for large retailers across the United States. Driveline clients include high-profile companies such as Dollar General, Johnson & Johnson, Kraft, Walgreens, Nestle, Store Board Media, BiLo, Unilever, Winn Dixie, Kimberly-Clark and ConAgra Foods.

During the course of employment with Driveline, employees are required to disclose personal and tax information such as name, address, zip code, date of birth, wage and withholding information, as well as social security information. Reasonably, employees expected Driveline to keep the sensitive information confidential by maintaining proper security and only disclosing the information for authorized business purposes. However, despite being warned of the existence of scam emails intending to obtain personal information, Driveline fell victim to the scam and disclosed highly-sensitive employee information to an unknown third party.

The suit claims that Driveline failed to adequately secure and safeguard the personal information of its employees and also failed to comply with common industry standards regarding the electronic transmission of employee personal information. 

The suit seeks to represent a nationwide class of all current and former Driveline employees whose personal information has been compromised as a result of Driveline’s actions. It has been estimated that the class will reach around 10,000 members.

The case is: Lavender v. Driveline Retail Merchandising Inc., Case No.: 2:18-cv-02097, in the U.S. District Court for the Central District of Illinois.


Counsel Financial provides working capital credit lines exclusively for the plaintiffs' bar in all states except California, where credit lines are issued by California Attorney Lending