A class action complaint and demand for jury trial have been filed in U.S. District Court, Western District of Michigan against the Upper Peninsula Power Company (UPPCO).

The complaint is seeking in excess of $5 million, listing three causes: negligence, breach of implied contract and breach of express contract.

The proposed lawsuit, filed by Danny L. Roll of Ishpeming on Nov. 30, 2022, is in response to a Nov. 23, 2022, letter sent to UPPCO customers alerting them to the utility company’s discovery of an unauthorized party who had gained access to sensitive consumer information through a breach of its computer network.

The letter states that on or around June 23, 2022, UPPCO experienced a network intrusion that affected a limited number of systems. Upon discovery, UPPCO immediately secured its network and engaged a third-party forensic firm to investigate the event.

“After a thorough investigation, UPPCO discovered that a limited amount of information may have been accessed by an unauthorized party in connection with this event,” the letter states. “UPPCO has taken steps to address the event and remains committed to protecting information in our care. At this time, there is no evidence that your information has been viewed, disclosed, or misused. UPPCO is providing this notification to you in an abundance of caution so that you may take steps to safeguard your information if you feel it is necessary to do so.”

The 18-page complaint, filed in Marquette on behalf of Roll and the alleged class of over 100 customers, claims that “The Data Breach was the result of UPPCO’s failure to implement reasonable security procedures and practices. UPPCO failed to disclosure (cq) material facts surrounding its deficient data security protocols. Such a failure to protect its customers’ information violates UPPCO’s obligations as established by law.”

According to the complaint, hackers infiltrated UPPCO’s networks on June 23 due to its failure to implement reasonable cybersecurity procedures. The case alleges that customers’ names and Social Security numbers are now in the hands of unknown third parties, despite UPPCO’s privacy policy promise to “protect all information that you provide us.”

On Dec. 1, 2022, UPPCO released a statement that said, in part:

“As previously reported by Upper Peninsula Power Company (UPPCO), the company detected a computer network intrusion earlier this year. Upon discovery, UPPCO immediately secured its network and engaged an outside forensic firm to investigate the nature and extent of the incident. At the conclusion of the investigation, UPPCO discovered that a limited amount of information may have been accessed by an unauthorized party as a result of the incident.”

Brett French, UPPCO’s Vice President of Business Development and Communications, in the statement says:

“Our investigation into this matter has concluded and we are notifying individuals whose information may have been accessed out of an abundance of caution. At this time, there is no evidence to suggest that any information has been fraudulently misused.”

French added that, “We believe the case is entirely without merit and offer no further comment at this time as this matter is the subject of potential litigation.”