Webster Bank, Guardian Analytics, Actimize Hit with Class Actions Over Months-Long Data Breach [UPDATE]
Last Updated on February 8, 2024
Marshall et al. v. Guardian Analytics, Inc. et al.
Filed: April 18, 2023 ◆§ 2:23-cv-02156
Guardian Analytics, Actimize and Webster Bank face at least two class actions over a data breach that reportedly occurred from November 2022 through January 2023.
February 8, 2024 – Guardian Data Breach Lawsuit Settlement Website Is Live
The official website for the Guardian Analytics data breach settlement is live and can be found at WebsterClassActionSettlement.com.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
To receive settlement benefits—credit monitoring services, reimbursement for lost time or expenses or, in the alternative, a cash payment—class members must file a claim form online or by mail by April 24, 2024.
To submit a claim online, head to this page. Class members may also download the PDF claim form or call the settlement administrator to receive a paper copy.
To file a claim, you will need the unique ID found on the settlement notice you received in the mail.
According to the official website, the roughly $1.4 million settlement fund will be divided among eligible class members after administrative expenses, service awards and attorneys’ fees are deducted.
The parties now await final approval of the settlement terms from United States District Judge William J. Martini. A final approval hearing is scheduled for April 23, 2024. The website explains that payments and benefits will be distributed to eligible class members if the court grants final approval to the deal, and after any objections or appeals are resolved.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
January 16, 2024 – Defendants Agreed to Settle Guardian Data Breach Lawsuits for $1.4 Million
The defendants in the proposed class actions detailed on this page have agreed to pay over $1.4 million to settle the cases, which were consolidated with similar lawsuits in July 2023.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
The settlement, which the court preliminarily approved on January 3, 2024, covers anyone who was notified that their personal information might have been impacted during the data security incident that affected Guardian’s systems between November 27, 2022 and January 22, 2023.
Court documents state that those covered by the settlement will receive notice about the deal within 21 days of the court granting preliminary approval, or no later than January 24.
According to the settlement agreement, the defendants have agreed to pay a total of $1,430,207.50, which eligible consumers can receive a share of by filing a timely, valid claim by mail or online at the official settlement website.
ClassAction.org will update this page when the official Guardian data breach settlement website goes live.
Class members who submit a claim with proof that they incurred certain out-of-pocket expenses as a result of the breach can receive up to $200 in compensation. Those covered by the deal can also submit a claim to receive $25 for each documented hour they spent dealing with the incident, with a cap of four hours.
In addition, class members who have fallen victim to documented cases of identity theft or fraud can receive up to $5,000. Eligible consumers can also submit a claim for two years of three-bureau credit and identity theft monitoring with $1 million in insurance.
In lieu of the benefits mentioned above, class members can file a claim for a pro-rated cash payment. Guardian data breach victims whose Social Security numbers were compromised in the incident will receive twice as much money as victims whose Social Security numbers were not compromised, court documents share.
Lastly, each defendant has agreed, as part of the settlement, to take certain measures to improve their cybersecurity to prevent future data breaches from occurring.
A final approval hearing is scheduled for April 23, 2024. Payments will be distributed to eligible class members if the court grants final approval to the deal, and after any appeals or objections are resolved.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Guardian Analytics, parent company Actimize and Webster Bank face at least two proposed class actions over a data breach that reportedly occurred from November 2022 through January 2023.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
According to the cases, Webster Bank announced on April 10, 2023 that unauthorized actors had hacked the systems of its third-party fraud detection provider, Guardian, various times between November 27, 2022 and January 22, 2023. The lawsuits claim that the ransomware attack, which has exposed the personal information of 191,563 consumers, including Webster Bank clients, is due to the defendants’ failure to implement adequate cybersecurity measures.
More specifically, the defendants stored clients’ sensitive data on a database that was not password protected and therefore accessible to any member of the public, one complaint contends. One filing claims that cybercriminals were able to exploit this “obvious vulnerability,” access files containing consumers’ names, Social Security numbers and financial account numbers and list this information for sale on the dark web.
Although Webster Bank says it discovered the ransomware attack on January 26 of this year, it only began notifying affected individuals of the breach on April 10, the cases assert.
“As a result of this delayed response, Plaintiffs and Class Members had no idea their [personally identifiable information] had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm, including the sharing and detrimental use of their sensitive information,” one suit stresses. “The risk will remain for their respective lifetimes.”
Per the complaints, the defendants were fully aware of their obligations under common law, industry standards and their own representations to properly safeguard the personal information provided to them in the course of doing business. Nevertheless, the companies failed to comply with Federal Trade Commission guidelines and “basic” industry standards for data security, one suit contends.
What’s more, one case argues that the defendants “knew or should have known” that their electronic records would be targeted by cybercriminals and but instead “intentionally, willfully, recklessly, or negligently” overlooked their responsibility to adequately safeguard consumers’ personal information from unauthorized access.
“Defendants could have prevented this Data Breach by properly securing and encrypting the systems containing the Private Information of Plaintiff and Class Members,” one complaint reads. “Alternatively, Defendants could have destroyed the data, especially for individuals with whom it had not had a relationship for a period of time.”
The lawsuit looks to cover anyone whose private information was actually or potentially accessed or acquired during the data breach announced by Webster Bank on or around April 10, 2023.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.