Attorneys filed a proposed class action lawsuit against SunTrust Bank over a possible data breach that exposed the information of an estimated 1.5 million customers.
The lawsuit was filed in the U.S. District Court for the Northern District of Georgia on behalf of three plaintiffs—Angelica LeRoy, Curtis Smith, and Loretta Smith—and anyone else who may have been a victim of the data breach.
“The lawsuit, which we filed on behalf of clients and the 1.5 million consumers affected by the data breach, seeks to hold SunTrust accountable from its acknowledged failure to keep safe the information entrusted to it,” said Mr. Yanchunis. “In effect, SunTrust acted as the trustee for its customers, and it was the responsibility of SunTrust to ensure the security of customers’ information.”
SunTrust Bank announced the breach in a statement released on April 20, 2018, even though the breach was allegedly discovered more than a month prior in February. It is still unknown when the breach actually occurred and for how long customer information has been compromised.
Not Your Average Data Breach
Unlike many recent data breaches, there was no external hack to break into SunTrust’s computer network. Instead, an employee allegedly accessed the bank’s network and simply printed out lists with names, addresses, phone numbers, account balances, and other personally identifiable information (PII) and sold them to criminals, according to the allegations outlined in the complaint.
SunTrust then neglected to inform affected customers for several weeks, preventing them from taking the necessary steps to properly protect themselves. One and a half million SunTrust customers are now at an increased risk of becoming the victims of fraud and identity theft but did not know about the risks for at least several weeks.
They must now take time—potentially hours—to implement the necessary precautions recommended to the victims of a data breach.
Complaint Alleges SunTrust Knew About Potential for a Breach
Attorneys filed the complaint on behalf of every SunTrust customer who may suffer damages as a result of the alleged breach. The complaint states, “SunTrust knew, or should have known, that their data systems and networks did not adequately safeguard Plaintiffs’ and the Class members’ PII.”
Specifically, the complaint seeks damages for several acts of negligence on the part of SunTrust Bank, including:
- Theft of the plaintiffs’ personal and financial information
- Imminent and impending injury as a result of identity theft and potential fraud
- Untimely and inadequate notification of the data breach
- Improper disclosure of personally identifiable information
- Loss of privacy
The lawsuit also seeks to force SunTrust to improve its security measures to prevent another breach of its customers private and confidential information in the future.
If you were the victim of a data breach, learn more about the necessary precautions you should take and how to join a data breach lawsuit.