A proposed class action seeks to hold Peoples Bank accountable for a months-long data breach that reportedly affected 47,590 current and former Limestone Bank customers.
Want to stay in the loop on class actions that matter to you? Sign up forClassAction.org’s free weekly newsletter here.
The 28-page lawsuit says Peoples Bank, an Ohio-based bank that completed its acquisition of Limestone Bank in May 2023, has failed to implement reasonable cybersecurity measures to protect consumers’ personal information, including at least their Social Security numbers, full names and financial account numbers.
The filing relays that Limestone, which prior to the merger had 15 locations throughout Kentucky, launched an investigation after it identified “unusual activity involving an employee’s email account.” According to the case, Limestone concluded that an unauthorized party had infiltrated its systems and stolen customers’ private data between November 21, 2022 and March 23, 2023.
“[The defendant] had obligations created by contract, industry standards, common law, and representations made to [the plaintiff] and Class Members, to keep their [sensitive personal information] confidential and to protect it from unauthorized access and disclosure,” the case contends.
The complaint adds that Peoples Bank’s data security obligations were “particularly important” given the frequency of cyberattacks in recent years.
To make matters worse, Peoples Bank waited until September 15 of this year to inform affected individuals of the incident, although its notice letter offers no explanation for why this delayed notification was sent “nearly six months after the last possible date of the data breach, and nearly ten months since the earliest,” the case says.
The lawsuit also notes the defendant has provided victims with “minimal concrete information on the steps it has taken or specific efforts made to reasonably ensure that such a breach cannot or will not occur again.”
Per the filing, Peoples Bank has offered complimentary credit monitoring services to victims for an indeterminate amount of time.
“This response is entirely inadequate to Plaintiff and class members who now potentially face several years of heightened risk from the theft of their [sensitive personal information] and who may have already incurred substantial out-of-pocket costs in responding to the Data Breach,” the suit contends.
The plaintiff, a Kentucky resident who received a notice informing him that his data was compromised in the breach, says he has already received significantly more spam texts and emails since the incident transpired.
The plaintiff also states he received an email notice from Peoples Bank in September 2023 informing him that an unauthorized individual had attempted to log into his account using his username. As the case tells it, the bank has yet to publicly admit that usernames were part of the data stolen during the cyberattack.
The lawsuit looks to represent anyone in the United States whose personal information was compromised in the data breach announced by Peoples Bank on or about September 15, 2023.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed cancer, endometriosis or reproductive problems after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.