Class Action Filed Against MidFirst Bank Over May 2023 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

MidFirst Bank faces a proposed class action over a May 2023 data breach that compromised current and former customers’ private information.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

According to the 71-page lawsuit, the Oklahoma City-based bank is among the hundreds of organizations affected by the massive cyberattack against MOVEit, a popular file transfer service and IT vendor of MidFirst. The complaint says that an unauthorized third party was able to download files from the MOVEit platform between May 27 and May 31 of this year, exposing MidFirst customers’ names, Social Security numbers, account numbers and other sensitive information.

Per the filing, the data breach has also affected current and former customers of Vio, the online banking division of MidFirst. As a result, these victims now face a lifelong threat of identity theft, fraud and other criminal misuse of their personal data, the case contends.

Related Reading: 2023 MOVEit Data Breach Lawsuits

The suit argues that the cyberattack stemmed from MidFirst’s “negligent and reckless” failure to safeguard consumer data from unauthorized access by implementing appropriate cybersecurity measures.

“[The defendant] could have prevented this Data Breach by properly securing and encrypting the files and file servers containing the [personally identifiable information] of [the plaintiff] and Class Members or by exercising due diligence in selecting its IT vendors and properly auditing those vendor’s [sic] security practices,” the complaint contends.

The filing goes on to say that in its August 18 notice to impacted individuals, MidFirst omitted several “critical facts” about the incident, leaving victims in the dark about the root cause of the data breach, what vulnerabilities were exploited, why it took nearly three months to disclose the event and what steps it’s taken to ensure that a future attack doesn’t occur.

“Without these details, [the plaintiff’s] and Class Members’ ability to mitigate the harms resulting from the Data Breach is severely diminished,” the suit shares.

The lawsuit looks to represent anyone in the United States whose personally identifiable information was impacted as a result of the MidFirst Bank data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.