DUBLIN, Calif.–With its systems still down following a ransomware attack, two class action lawsuits have been filed against Patelco Credit Union.
The separate class action lawsuits, were filed on July 1 and July 3, respectively. Patelco’s systems went down on June 29, indicating the plaintiffs wasted little time in filing their actions. Class action lawsuits have become increasingly common after such service outages at credit unions and other financial institutions.
According to DanvilleSanRamon.com and KRON4, attorneys from the Oakland-based law firm Cole & Van Note filed the first complaint on behalf of plaintiff Eileen Poluck and “all others similarly situated.”
‘Thrown into Question’
Meanwhile, attorneys at the San Diego law firm Wolf Haldenstein Adler Freeman & Herz have also filed a class action lawsuit on behalf of Livermore resident Josh Warren and “similarly situated” class members in the same federal court.
“The crux of the allegations in both complaints is the credit union’s requirement for customers to provide a range of personally identifiable information including Social Security numbers addresses, and account information in order to use Patelco’s services, with customers having a reason to expect that information will be kept secure and private – something thrown into question by the recent security breach,” DanvilleSanRamon.com reported.
Additional Allegations
The report added that attorneys in the Poluck case allege Patelco “intentionally, willfully, recklessly and/or negligently” failed to take measures to ensure that customers’ personal information was kept secure, and that the credit union neglected to “follow applicable, required and appropriate protocols, policies and procedures regarding the encryption of data.”
“As a result, Representative Plaintiff’s and Class Members’ Private Information was compromised through disclosure to an unknown and unauthorized third party — an undoubtedly nefarious third party seeking to profit off this disclosure by defrauding Representative Plaintiff and Class Members in the future,” attorneys wrote in the Poluck complaint, according to DanvilleSanRamon.com
The report further notes that the both complaints cite the “inconvenience and frustration” brought on by both the cyberattack and the ensuing outage.
‘Lost Time’ & ‘Annoyance’ Alleged
In the Poluck complaint, the plaintiff is alleging she and other Patelco members “suffered lost time, annoyance, interference and inconvenience as a result of the data breach and has anxiety and increased concerns for the loss of privacy, as well as anxiety over the impact of cybercriminals accessing, using and selling” her private information, the report states.
Warren’s compliant elaborates further, stating, “Moreover, because of the Data Breach and resulting service outages stemming therefrom, Defendant has been encouraging Plaintiff and Class Members to travel to and from various Patelco ATM locations to withdraw or deposit their money thereby causing Plaintiff and Class Members to incur out-of-pocket travel expenses (including but not limited to gasoline/fuel expenses and wear and tear on their personal vehicles),” DanvilleSanRamon.com reported.
‘Critical Facts Not Explained’
Both complaints also allege Patelco failed to address the cyberattack in a timely fashion, and withheld the reason for the outage from members until a full day had passed and is “continuing to withhold details of the incident.”
“Noticeably absent from the Notice Email are details of the root cause of the Data Breach, the vulnerabilities that were exploited, and the remedial measures that Patelco undertook to ensure such a breach does not happen again,” the Warren complaint states. “To date, these critical facts have not been explained or clarified to Plaintiff or the Class Members, who have a vested interest in ensuring that their (personal identifying information) remains protected.”
Patelco Update
As CUToday.info reported here, in its most recent update to member Patelco said it still can’t provide a date for when online services will be restored as it seeks to recover from a ransomware attack. But it close to halfway there, the credit union said.
“I want to address the question many of you are asking about the date when systems will be up and operational with access to account information and online/mobile banking,” CEO Erin Mendez said in an online statement. “We recognize this is critical information to get to you as soon as possible. Although we don’t yet have a specific date to share with complete confidence, we are committed to sharing status updates along the way.
“As mentioned before, our infrastructure is stable, secure and we are making positive momentum daily toward our final goal: getting back to business. In addition, we are working around the clock to catch up, which includes processing transactions (e.g., recording ACH and check transactions to your account) and those recorded in-person at a Patelco branch,” Mendez continued. “We expect to make 50% progress on this task by tomorrow and are expecting to be completely caught up by the end of the week. Once that happens, we will be able to confirm the date when you will be able to access your accounts.”