Cyberattack Lawsuit Against West Texas Gas

From Bloomberg:

A cyberattack targeting a Texas gas company has made 56,000 people susceptible to identity theft, according to a federal class action lawsuit filed Tuesday alleging the company failed to timely notify the victims after the May 2023 breach.

The lawsuit against West Texas Gas, Inc. outlines no specific evidence of identity theft, but it says customers’ names, Social Security numbers, and Taxpayer Identification Numbers were accessed. The company serves more than 40 municipalities in Texas and Oklahoma, controlling 1,800 miles of natural gas transmission pipelines in those states and two others.

Hackers were able to access the information because the company’s cybersecurity system was unencrypted and “maintained in a condition vulnerable to cyberattacks,” the lawsuit said.

Bringing the lawsuit on behalf of other affected customers is a former West Texas Gas employee named Brian Morrow. His lawyer, Jarrett Ellzey of Ellzey & Associates, said he is worried hackers will access his financial accounts and release his personal information on the dark web.

West Texas Gas waited five months after the attack to notify affected customers in an October letter, which the lawsuit says was untimely and inadequate because it didn’t disclose the information breached specific to that customer. 

The suit, filed in the Western District of Texas, seeks compensatory damages and reimbursement costs and a directive to West Texas Gas to improve data security. 

The case is Morrow v. West Texas Gas , W.D. Tex., No. 7:23-cv-174, 11/7/23 .

To contact the reporter on this story: Ryan Autullo in Austin at rautullo@bloombergindustry.com

Story can be found on Bloomberg Law.