Truliant Federal Credit Union, Doxim Failed to Protect Customer Info from Data Breach, Class Action Claims

New to ClassAction.org? Read our Newswire Disclaimer

Truliant Federal Credit Union faces a proposed class action lawsuit after a data breach reportedly exposed the private information of more than 48,000 customers.

The 33-page complaint says the cyberattack targeted the computer network of co-defendant Doxim, Inc., a third-party service provider Truliant formerly contracted with. According to the case, Doxim notified the credit union in late April 2024 that there had been unauthorized access to Truliant files from 2012 stored in its system.

Did you receive a notice about the Doxim data breach? Let us know here.

In a notice letter sent to affected customers around May 14, 2024, Truliant stated that the incident compromised victims’ names, Social Security numbers, account numbers and financial information, the filing says. Customers’ addresses and dates of birth may have also been impacted, the suit alleges.

The lawsuit claims the breach—which was detected on December 30, 2023, according to Doxim’s notice letter to affected credit union members—was the direct result of the defendants’ failure to implement adequate cybersecurity protocols. Per the case, the companies left consumers’ sensitive information “accessible, unencrypted, unprotected, and vulnerable” to cybercriminals.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

“Armed with the [personally identifiable information] accessed in the data breach, data thieves can commit a variety of crimes, including opening new financial information in class members’ names, taking out loans in class members’ names, using class members’ names to obtain medical services, and using class members’ [personally identifiable information] to target other phishing and hacking intrusions,” the suit stresses.

The complaint also takes issue with Truliant’s alleged failure to provide affected individuals with adequate protective services. Despite facing a significant risk of identity theft and fraud for years to come, Truliant data breach victims have been offered merely 12 months of free credit monitoring services that they must bear the burden of enrolling in, the case says.

The suit notes that the defendants have failed to disclose crucial information about the incident, including details about when the data breach took place, the extent of the compromised information, how cybercriminals were able to exploit vulnerabilities in Doxim’s security systems, and what, if any, steps they’ve taken to prevent future attacks from occurring.

The lawsuit looks to represent anyone whose personal information was accessed by unauthorized persons in the data breach announced by Truliant Federal Credit Union.

Did you receive a notice about the Doxim data breach? Let us know here.