Class Action Filed Over Happy State Bank 2022 Data Breach
Gallens v. Happy State Bank
Filed: May 10, 2023 ◆§ 3:23-cv-01069
Happy State Bank faces a class action that alleges a July 2022 data breach stemmed from its negligent failure to secure customers’ highly sensitive information.
Happy State Bank faces a proposed class action that alleges a July 2022 data breach stemmed from its negligent failure to secure customers’ highly sensitive information.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
According to the 50-page case, a former Happy State Bank employee’s email account was accessed without authorization between July 28 and 29, 2022, compromising the personal and financial information of at least 17,317 current and former customers whose data was stored on the account.
“[I]nexplicably and in violation of adequate data security practices,” the email account was still active even though the employee no longer worked at the Texas-based bank, the filing claims, adding that the worker had been subject to an email phishing scam prior to their termination.
The files extracted by the unauthorized party included consumers’ names, Social Security numbers, dates of birth and financial account information, the complaint says. Per the suit, there is a “strong probability” that criminals will buy and sell entire batches of this stolen data on the black market, exposing affected individuals to a substantial and ongoing risk of identity theft, fraud and other forms of personal, social and financial harm.
The lawsuit says that Happy State Bank began notifying victims of the breach between eight and nine months after it discovered “unusual activity” in July 2022. Affected individuals received “vague” letters from the bank throughout March and April 2023 advising them to “remain vigilant” against suspicious activity in their financial accounts and to take protective measures, the complaint relays.
Happy State Bank’s failure to properly safeguard and encrypt consumer data is “particularly egregious” given the prevalence of data breaches in recent years, particularly within the financial industry, the filing claims.
Moreover, the bank had a legal duty to protect consumers’ personal information from unauthorized access pursuant to its own policies, industry standards and federal and state laws that govern data security and privacy practices, the case contends.
The lawsuit looks to represent anyone in the United States whose personally identifiable information was accessed or exfiltrated during the data breach announced by Happy State Bank in 2023.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Camp Lejeune residents now have the opportunity to claim compensation for harm suffered from contaminated water.
Read more here: Camp Lejeune Lawsuit Claims
Sign Up For
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.