TAMPA, Fla. (WFLA) — A class-action lawsuit was filed against Tampa General Hospital after a data breach resulted in more than 1.2 million people having their data stolen.

The lawsuit, filed Friday, accuses TGH of failing to safeguard their data and failing to notify those who had their data stolen until two months after the breach.

The three victims in the lawsuit are not revealing their identities due to the sensitive nature of the case and the information stolen, however, one has already had their identity stolen and another is a retired FBI agent, according to attorneys with Morgan & Morgan.

“Our clients’ allegations in this case paint a picture of Tampa General Hospital’s cavalier attitude toward cybersecurity and patient privacy,” the attorneys said in a statement.

The lawsuit claims TGH was already aware their cybersecurity measures were “inadequate” due to a previous security incident in 2014.

TGH failed to comply with the FTC and HIPAA, according to the lawsuit.

“TGH breached its duty to use reasonable care to protect and secure [the victims’] Personal Information by employing substandard or non-existent data and cybersecurity protocols,” according to the lawsuit.

The victims brought the lawsuit on behalf of themselves and other people who have had their data stolen in the breach.

TGH is accused of violating the Florida Deceptive and Unfair Trade Practices Act, negligence, breach of express contract, breach of implied contract in fact, invasion of privacy, unjust enrichment, breach of confidence, and breach of fiduciary duty.

The victims are seeking an unspecified amount of damages.

Read the full lawsuit below

News Channel 8 has reached out to Tampa General Hospital for comment and is waiting to hear back.