Eddie Bauer’s Data Breach Results in Class Action Lawsuit by Affected Financial Institutions
It seems like every other week another company is in the news for suffering a data breach in which customers’ personal information has been stolen. Besides being sued by its customers and shareholders for the data breaches, companies are now facing lawsuits from affected financial institutions. Just this week, Veridian Credit Union filed a class action lawsuit against Eddie Bauer, LLC for a data breach that occurred between January and July 2016. (Veridian Credit Union v. Eddie Bauer LLC, 2:17-cv-00356 (W.D. Wash)). Veridian has brought claims of negligence, declaratory judgment, and additional state law claims on behalf of itself, as well as similarly situated financial institutions, alleging failure of Eddie Bauer to adequately secure its data networks, including its alleged failure to maintain adequate data security measures, failure to implement best practices, failure to upgrade security systems, and failure to comply with industry standards. Additionally, Veridian alleges that Eddie Bauer made matters worse by failing to notify customers of the breach for at least six weeks. In light of those alleged failures, Verdian contends that it and other financial institutions have been injured by having been forced to cancel or reissue credit cards, refund customers’ losses from unauthorized transactions, respond to increased cardholder complaints, confusion, and concern, and engage in increased fraud monitoring.
This lawsuit serves as yet another reminder of the importance for businesses to properly protect personal data through various procedures and policies. Whether its employee or customer information, businesses need to be on guard and prepared to prevent and handle data breaches. Failure to do so puts a business at risk of being subject to litigation from customers, shareholders, or even financial institutions.