A corporation’s most basic promise to you is to protect the information you entrust to them. PRGX Global, Inc., a data analytics firm based in Atlanta, Georgia, is now facing a federal class-action lawsuit alleging it broke that promise. Not once, but twice. The company’s “inadequately protected computer systems” were allegedly breached by two separate, notorious cybercriminal gangs, exposing the most sensitive data of countless individuals, including minor children.

This isn’t just an IT issue; it’s a profound betrayal. Court documents reviewed by our team paint a grim picture of corporate negligence, followed by a shocking period of silence that left victims vulnerable and unaware for over a year.

A Year Of Calculated Silence

The first attack began between April 8 and April 9, 2022. According to the complaint, PRGX discovered on April 9th that its servers were inaccessible. An investigation confirmed that a criminal group, identified in reports as the ransomware gang Black Basta, had accessed and stolen files. These weren’t just any files. They contained the keys to your life: names, Social Security numbers, and financial data so complete it included account numbers combined with the passwords or PINs needed to access them.

For more than 365 days, PRGX held this information. While victims went about their lives, their stolen identities were a ticking time bomb in the hands of a “financially motivated” criminal enterprise known for its double-extortion tactics. This means Black Basta not only demands a ransom to unlock the systems they encrypt, but they also threaten to publish or sell the stolen data, ensuring they profit either way. The lawsuit states PRGX has offered no assurance it paid the ransom or secured the data.

Criminals Mock PRGX’s “Security”

Before PRGX even finished notifying victims of the first breach, they were hit again. This time, by the cybergang known as Clop. Taking responsibility for the attack on its dark web portal, Clop delivered a scathing public verdict on PRGX’s security measures.

“The company doesn’t care about its customers, it ignored their security!!!”

– Clop Ransomware Group, Dark Web Post

This wasn’t just an attack; it was a public shaming. Like Black Basta, Clop is known for double-extortion. The lawsuit highlights that Clop has already begun leaking some of the data stolen from PRGX, making the threat of identity theft immediate and ongoing. Again, the company has provided no assurance that it has retrieved the stolen data from this second group of criminals.

The Non-Financial Ledger: A Lifelong Sentence

What is the cost of having your Social Security number sold on the dark web? There is no dollar amount. It’s a lifelong sentence of looking over your shoulder. Every credit application, every new account, every job background check becomes a moment of anxiety. For the parents named in this lawsuit, it’s the sickening knowledge that their children’s futures have been mortgaged before they’ve even begun, their clean financial slates now permanently stained and available to the highest bidder.

PRGX’s alleged failure created a permanent, unfixable problem. The data, once leaked, can never be fully retrieved. The offer of credit monitoring is a flimsy bandage on a gaping wound. It doesn’t prevent the crime; it just alerts you after you’ve already become a victim.

Legal Receipts

The case against PRGX is built on the company’s own admissions and timelines, as detailed in the legal complaint. The core of the argument is not just that a breach occurred, but that the company’s response demonstrated a severe disregard for the people it harmed.

“Although PRGX learned of the First Data Breach on April 9, 2022, PRGX did not notify victims of the First Data Breach until on or around May 5, 2023, over a year after PRGX learned of the First Data Breach.”

– Case No. 1:23-CV-04233-TWT, First Amended Complaint

Societal Impact Mapping

Public Health Catastrophe

The fallout from these breaches is a public health issue. The constant, low-grade stress of potential identity theft contributes to chronic anxiety and psychological distress. Victims are forced to spend countless hours monitoring their accounts, filing reports, and trying to undo damage caused by criminals armed with their own information. This is an invisible labor tax imposed on people by corporate carelessness.

Economic Inequality Engine

Data breaches disproportionately harm those with the fewest resources. A fraudulent charge or a drained bank account can be a catastrophic event for a working family, while a dip in a credit score can mean the difference between getting a car loan for a job or being denied. PRGX’s failure to protect this data directly fuels economic precarity, making it harder for regular people to build financial security while their identities are used to enrich criminals.

What Now?

The immediate legal battle is the class-action lawsuit filed in the Northern District of Georgia. But accountability requires sustained public pressure. The system that allows a company to fail this spectacularly, wait a year to admit it, and then suffer another breach must be examined.

Beyond watching regulators, the real power lies in grassroots organizing. Support mutual aid networks that help people recover from identity theft. Demand local and federal legislation with real, punishing fines for data security failures. A company’s profit margin should never be more important than your lifelong financial security.