Specialist class action lawyers have launched proceedings against Oracle in Texas over two alleged data breaches.

Floridian Michael Toikach is the named plaintiff in law firm Shamis & Gentile’s class action against the cloud giant, which is seeking to represent others who are similarly affected.

Lawyers demanded a jury trial in the US District Court for the Western District of Texas, where Oracle’s headquarters are located in Austin.

One of the primary claims made by the plaintiffs, among many others, is that Oracle violated Texas state data breach notification laws in not informing the alleged victims of a breach within 60 days of becoming aware of one.

The case specifically refers to an alleged breach of Oracle Cloud, and it also alludes to health information being affected in the alleged Oracle Health breach, although this doesn’t appear to be the main focus of the case.

Oracle’s alleged security failings were blamed for the loss of personally identifiable information (PII) and a “wide variety” of personal health data, and Oracle’s silence on the matter exacerbates these claims, the case argues.

Toikach alleges that Oracle has not yet informed him or other customers of a breach, clarified whether it was able to maintain the security of his data, or explained how the alleged incident occurred.

“All of this information is vital to victims of a data breach, let alone a data breach of this magnitude due to the sensitivity and wide array of information compromised in this specific breach,” the case reads.

The plaintiff additionally made a flurry of claims about Oracle’s security posture, including alleging a failure to design and implement adequate network security, train staff on data security, detect an intrusion within a reasonable time frame, or use security tools capable of preventing this kind of attack.

Lawyers cited various articles highlighting data breach victims’ negative financial experiences, arguing that Toikach anticipates “spending considerable time and money on an ongoing basis to try to mitigate and address harms caused by the data breach.”

“As a result of the data breach, plaintiff is at a present risk and will continue to be at increased risk of identity theft and fraud for years to come.”

Toikach and others who may join the case are seeking financial compensation for out-of-pocket costs and damages, as well as commitments from Oracle to improve its security posture.

The Broward County resident claims to take data protection seriously and is very careful about sharing his private information, which he typically stores in a safe and secure location, according to the complaint.

“Plaintiff greatly values his privacy, and would not have provided his private information, undertaken the services, and paid the amounts that he did if he had known that his private information would be maintained using inadequate data security systems.”