Cadence Bank Hit with Class Action After Customer Info Was Exposed During MOVEit Data Breach
Last Updated on March 13, 2024
Marsh et al. v. Cadence Bank
Filed: October 12, 2023 ◆§ 1:23-cv-00136
Cadence Bank faces a class action after it fell victim to a “massive and preventable” data breach that reportedly occurred between May 28 and May 31 of this year.
Cadence Bank faces a proposed class action after it fell victim to a “massive and preventable” data breach that reportedly occurred between May 28 and May 31 of this year.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 53-page lawsuit says the Mississippi-based bank learned on June 1 that cybercriminals had recently infiltrated MOVEit, a file transfer application the bank uses to store and send sensitive files. After launching an investigation, Cadence determined that the May 2023 MOVEit security incident compromised information belonging to customers, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers and financial account information, the case claims.
The suit relays that Cl0p, a notorious, Russian-linked cybergang, has taken credit for the MOVEit data breach and even published batches of stolen information on its dark web leak site. Consequently, Cadence Bank data breach victims face a lifetime risk of identity theft, fraud and other criminal misuse of their private information, the lawsuit stresses.
The suit argues that Cadence should be held accountable for the breach given that the intrusion allegedly stemmed from the bank’s failure to properly monitor its networks, implement adequate data security practices and encrypt consumers’ private data.
Related Reading: 2023 MOVEit Data Breach Lawsuits
According to the complaint, companies that use MOVEit are independently responsible for determining which security features offered by the application they wish to employ, deciding what kind of data the software will transfer and whether that data will be encrypted, and monitoring early indicators that hackers are attempting to access files stored on the application. The suit shares that the company behind MOVEit even offers detailed guidance on how users can configure the software to operate in the most secure manner.
“However, Cadence disregarded these directives and did not implement them,” the filing says, claiming that the data breach could have been prevented had the defendant “taken this responsibility seriously.”
The case goes on to allege that the defendant, despite learning of the breach in June 2023, waited until September 15 to send affected individuals notice of the incident. However, Cadence has yet to offer victims its assurance that it has adequately enhanced its cybersecurity practices or stopped using the poorly secured MOVEit application, the filing says.
The lawsuit looks to represent anyone in the United States who received a data breach notice letter from Cadence Bank.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.