Cadence Bank Hit with Class Action After Customer Info Was Exposed During MOVEit Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Cadence Bank faces a proposed class action after it fell victim to a “massive and preventable” data breach that reportedly occurred between May 28 and May 31 of this year.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 53-page lawsuit says the Mississippi-based bank learned on June 1 that cybercriminals had recently infiltrated MOVEit, a file transfer application the bank uses to store and send sensitive files. After launching an investigation, Cadence determined that the May 2023 MOVEit security incident compromised information belonging to customers, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers and financial account information, the case claims.

The suit relays that Cl0p, a notorious, Russian-linked cybergang, has taken credit for the MOVEit data breach and even published batches of stolen information on its dark web leak site. Consequently, Cadence Bank data breach victims face a lifetime risk of identity theft, fraud and other criminal misuse of their private information, the lawsuit stresses.

The suit argues that Cadence should be held accountable for the breach given that the intrusion allegedly stemmed from the bank’s failure to properly monitor its networks, implement adequate data security practices and encrypt consumers’ private data.

According to the complaint, companies that use MOVEit are independently responsible for determining which security features offered by the application they wish to employ, deciding what kind of data the software will transfer and whether that data will be encrypted, and monitoring early indicators that hackers are attempting to access files stored on the application. The suit shares that the company behind MOVEit even offers detailed guidance on how users can configure the software to operate in the most secure manner.

“However, Cadence disregarded these directives and did not implement them,” the filing says, claiming that the data breach could have been prevented had the defendant “taken this responsibility seriously.”

The case goes on to allege that the defendant, despite learning of the breach in June 2023, waited until September 15 to send affected individuals notice of the incident. However, Cadence has yet to offer victims its assurance that it has adequately enhanced its cybersecurity practices or stopped using the poorly secured MOVEit application, the filing says.

The lawsuit looks to represent anyone in the United States who received a data breach notice letter from Cadence Bank.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.