Umpqua Bank Failed to Protect Customer Data from 2023 Cyberattack, Class Action Says
Elizondo v. Umpqua Bank
Filed: October 23, 2023 ◆§ 4:23-cv-05441-KAW
A class action claims negligence on the part of Umpqua Bank is to blame for a data breach this year that reportedly exposed the personal information of current and former customers.
A proposed class action claims negligence on the part of Umpqua Bank is to blame for a data breach this year that reportedly exposed the personal information of current and former customers.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
In an August 2023 notice letter sent to victims, the Oregon-based bank admitted that it had been affected by a targeted cyberattack involving MOVEit, a file transfer platform used by one of the defendant’s third-party IT vendors to store and move customer data.
The 26-page lawsuit relays that between May 29 and May 30 of this year, cybercriminals exploited a vulnerability in the MOVEit software and gained unauthorized access to files containing information belonging to Umpqua Bank customers. The data compromised in the breach included individuals’ names and Social Security numbers, the suit reports.
The case argues that the defendant failed to take reasonable steps to secure the customer information and neglected to ensure that its IT vendor maintained adequate cybersecurity standards.
“Had Umpqua [Bank] ensured that its vendors implemented reasonable data security systems and procedures (i.e., followed guidelines from industry experts and state and federal governments), then it likely could have prevented hackers from accessing its customers’ [personally identifiable information],” the complaint charges.
In addition, the filing contends that the bank’s notice letter was “intentionally misleading” and “ignore[d] the serious harm [the defendant’s] security flaws caused to the Class.” As the lawsuit tells it, the notice letter lacks crucial details about the incident, such as how cybercriminals gained access to the system and what steps are being taken to safeguard stored data in the future.
The plaintiff, a California resident and Umpqua Bank customer, says she received notice on August 15 of this year informing her that her private information had been exposed in the breach. Like other victims, the woman now faces a significant risk of identity theft, fraud or other illegal misuse of her data as a result of the bank’s negligence, the case claims.
The lawsuit looks to represent anyone in the United States whose data was accessed in the data breach experienced by Umpqua Bank.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.