Truist Bank was sued over data breach.

Facebook
X
LinkedIn
Pinterest
Threads
Email

Two federal legal claims have been filed against Truist Bank over a cyberattack in October that exposed a few clients’ very personal data

Truist Bank failed “to properly secure and safeguard sensitive information of its customers,” claimed by Plaintiffs Stephen Ruffin and Marshall Boyd, in two separate complaints filed in the US District Court for the Western District of North Carolina earlier in June.

The Charlotte-based bank, one of the largest commercial banks in the country, supposedly didn’t keep guideline security methodology that might have prevented the cyberattack and didn’t inform its clients regarding the breach in a timely and exact manner.

As per lawsuits, Truist Bank began informing affected clients of the data breach in May, almost six months after the breach occurred around October 27 of the previous year.

” An unauthorized third party gained access to “a small number” of Truist employee accounts,” The notice letter, sent on behalf of the Truist Bank by Financial Business and Consumer Solutions said.

The letter read, “This unauthorized party used these accounts to obtain the information of some Truist clients. At that time, our cybersecurity team promptly took steps to assess the intrusion and contain the unauthorized access.”

It said the affected information included names, date of birth, financial account number, loan balance and transaction amounts.

As per both Ruffin and Boyd, the letter precluded the identity of the cybercriminals that penetrated that bank’s systems, the date when the breach was identified, the exploited vulnerabilities, and the remedial measures embraced to guarantee such a breach doesn’t happen once again.

The plaintiffs said, “This ‘disclosure’ amounts to no real disclosure at all, as it fails to inform, with any degree of specificity, plaintiff and class members of the data breach’s critical facts.”

 They claimed, “Without these details, plaintiff’s and class members’ ability to mitigate the harms resulting from the data breach is severely diminished.”

Truist Bank has been contacted by Cybernews for comment.

“Truist Bank knew or should have known that the [personal identifiable information] that they collected and maintained would be targeted by cybercriminals,” Both Ruffin, from Georgia, and Boyd, from Florida, said in their complaints.

Instead, the bank “kept up with, utilized, and shared the [information] in a careless way,” they said. Because of the breach, they said they suffered “concrete injuries” and are suing for carelessness, breach of implied agreement, and unjust advancement. Boyd is moreover suing for violations  of the Florida Misleading and Unfair Trade Practices Act.

Never Miss An Update
Never miss any important news. Subscribe to our newsletter.
Latest News

Subscribe to our newsletter

Sign up for newsletter and receive exclusive cyber news regularly