A major provider of background screening and investigative services is facing a class action lawsuit after thousands of individuals’ sensitive personal information was allegedly exposed to cybercriminals due to insufficient security measures. The legal complaint claims that names, Social Security numbers, and driver’s license numbers were compromised, placing those affected at risk of identity theft and financial fraud for years to come.
The complaint was filed by William Swint on April 15, 2026, in the United States District Court for the Eastern District of New York against TruView BSI, LLC. Swint brings the case on behalf of himself and all others similarly situated who may have been impacted by what he calls “the Data Breach.”
According to the filing, TruView BSI is a business intelligence company specializing in comprehensive background screening and investigative services. As part of its operations, it collects personally identifiable information from clients seeking or receiving its services. The plaintiff alleges that between July 18, 2024, and August 15, 2024, an unauthorized party accessed this information through TruView’s IT network. However, it was not until March 4, 2026—over a year and a half later—that TruView determined the breach had occurred. Public disclosure did not take place until around April 8, 2026.
The complaint asserts that TruView failed to implement adequate administrative procedures to safeguard clients’ private information as required by federal law and industry standards. It states: “Defendant breached its duties owed to Plaintiff and Class Members by failing to safeguard the Private Information it collected and maintained,” adding that this failure included not encrypting or redacting highly sensitive data such as Social Security numbers.
Swint claims that TruView’s delayed notification violated New York law requiring prompt disclosure of breaches involving personal data: “Defendant waited more than one and a half years after the Data Breach occurred, to issue a public disclosure,” which allegedly deprived victims of an early opportunity to mitigate potential harm.
The lawsuit outlines several alleged failures by TruView including not complying with industry-standard practices like encryption in transit and storage; not warning customers about inadequate security; lacking multifactor authentication; failing to monitor or detect unauthorized access promptly; neglecting software updates; and not restricting employee access appropriately.
Swint contends that these lapses left clients vulnerable despite widely known risks associated with storing sensitive personal information. The complaint references guidance from authorities such as the Federal Trade Commission (FTC), National Institute of Standards and Technology (NIST), Center for Internet Security (CIS), Microsoft Threat Protection Intelligence Team, and Cybersecurity & Infrastructure Security Agency (CISA) on how organizations should secure their networks against cyberattacks.
The plaintiff further alleges that the compromised data is likely being sold or misused on dark web marketplaces: “Plaintiff further believes his Private Information...was and will be sold and disseminated on the dark web following the Data Breach as that is the modus operandi of cybercriminals.” He describes harms suffered by himself and other class members including invasion of privacy; time spent monitoring accounts; emotional distress; actual incidents of identity theft or fraud; diminished value of their private information; loss of benefit from their contractual relationship with TruView; costs associated with credit monitoring; as well as ongoing risk because their unencrypted data remains in defendant’s possession.
Swint seeks relief for negligence/negligence per se, breach of implied contract, unjust enrichment, actual damages including compensation for time lost mitigating risks related to identity theft or fraud, punitive damages where appropriate under law, injunctive relief requiring improved security practices at TruView BSI going forward—and any other remedies deemed just by the court.
The proposed class includes all individuals in the United States whose private information may have been compromised in this incident. Swint requests certification under Federal Rule of Civil Procedure 23(b)(2), 23(b)(3), and 23(c)(4). The suit identifies typicality among class members’ claims due to exposure from similar conduct by defendant.
At this stage in proceedings no specific attorney names are listed within this excerpted document text. The case ID is Case No. 2:26-cv-02214-ST.
Source: 226cv02214_Swint_v_Truview_BSI_LLC_Complaint_Eastern_District_New_York.pdf