Ross & Yerger failed to safeguard client data, lawsuit alleges

A ransom group allegedly got in - and the suit says clients weren't warned

Ross & Yerger failed to safeguard client data, lawsuit alleges

Risk, Compliance & Legal

By Tez Romero

Ross & Yerger Insurance faces a proposed class action claiming it failed to protect customers' personal data, which was then taken in a breach. 

The suit was filed July 9, 2026 in the US District Court for the Southern District of Mississippi. It accuses Ross & Yerger Insurance, Inc, an independent commercial insurance agency, of failing to safeguard the sensitive information it collects from customers and then losing it in a breach. 

According to the complaint, the agency holds "a litany of highly sensitive personal identifiable information" on its clients. The plaintiff alleges that data ended up in the hands of criminals. 

The filing says a ransom group it calls "TheGentlemen" gained unauthorized access to the agency's systems on or around May 16, 2026 and "exfiltrated sensitive PII." That claim is pleaded "upon information and belief," citing a cybersecurity website. PII, or personally identifiable information, is the kind of personal data that can be used to identify a specific person. 

The complaint also alleges that, as of the filing date, the agency "has yet to send out a notice of the Data Breach" to the people whose information was affected. It says that gap left them unable to take steps to protect themselves. 

The plaintiff, described in the filing as careful with her personal data, says she was harmed anyway. She alleges a spike in spam and scam text messages "almost daily" after the breach and a heightened, long-term risk of identity theft. In the filing's words, "[t]he exposure of one's PII to cybercriminals is a bell that cannot be unrung." 

The case is a proposed class action covering "[a]ll individuals residing in the United States whose PII was compromised in Defendant's Data Breach." The filing puts the class at "at least hundreds of members" and alleges the amount in controversy tops $5 million. 

The complaint sets out the data-security duties it says the agency owed: to use reasonable care with the information, to detect unauthorized access promptly, and to notify affected people within a reasonable time. It alleges the agency broke the Gramm-Leach-Bliley Act, 15 U.S.C. § 6809(3)(A), and Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45, which it says bars "unfair . . . practices in or affecting commerce." The filing calls those failures "negligence" and "negligence per se." 

In all, the plaintiff brings eight claims: negligence, negligence per se, breach of implied contract, invasion of privacy, unjust enrichment, breach of fiduciary duty, breach of confidence, and declaratory judgment. She seeks damages, restitution, injunctive relief, attorneys' fees, and a jury trial. 

The allegations have not been tested in court, and no judge has ruled on any of the claims.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!