Ally Bank is facing a class action lawsuit following a cyberattack earlier this year that compromised customers’ personal information. The lawsuit, filed by Sebastian Owens, claims that an unknown hacker gained unauthorized access to the bank’s network and stole sensitive data, including Social Security numbers, birthdates, and auto account numbers. The plaintiff alleges that Ally Bank failed to implement adequate security measures or protocols to safeguard this information, despite widespread awareness of the growing risk of cyberattacks.
The class action points to other major companies, such as Facebook, Microsoft, and Estee Lauder, that have also been targeted by hackers, arguing that Ally Bank should have anticipated the risks and strengthened its data protection systems accordingly. Owens also asserts that Ally Bank’s failure to act proactively to prevent breaches has left customers vulnerable to identity theft and fraud. The lawsuit claims that the bank’s negligence in securing personal data is a significant factor in the breach.
Another key aspect of the lawsuit is Ally Bank’s delayed notification of the breach to its customers. The bank allegedly did not inform affected individuals until May 23, 2024, despite being aware of the cyberattack a month earlier. Owens argues that this delay allowed the hacker to post and sell compromised data on the dark web, exposing customers to further harm. This failure to notify victims in a timely manner is central to the claims made in the class action.
This is not Ally Bank’s first legal challenge concerning data security. In 2021, the bank was involved in a lawsuit following a programming error that exposed customers’ usernames and passwords to third parties. Though the case was eventually dismissed, it highlights ongoing concerns over the bank’s handling of customer data. The current class action underscores growing scrutiny over Ally Bank’s security practices and its responsibility to protect sensitive customer information from cyber threats.
Reference:
