Truist Bank Hit with Lawsuit Over Data Breach

Penka Hristovska
Penka Hristovska Senior Editor
Published on: July 5, 2024
Penka Hristovska Penka Hristovska
Published on: July 5, 2024 Senior Editor

Charlotte-based Truist Bank is facing 2 federal class action lawsuits following an October 2023 data breach, which claim the bank didn’t adequately protect individuals’ personal identifying information.

The complaints were filed by Stephen Ruffin and Marshall Boyd in the US District Court for the Western District of North Carolina earlier in June.They’re suing the bank for negligence, breach of implied contract, and unjust enrichment. Boyd is also suing for violations of the Florida Deceptive and Unfair Trade Practices Act.

More specifically, the plaintiffs allege that the bank failed to follow standard security protocols that might have prevented the cyberattack and didn’t promptly and accurately notify its customers about the breach.

According to their complaints, Truist Bank started notifying affected clients about the data breach in May, nearly 6 months after it happened.

The notice letter, sent by Financial Business and Consumer Solutions on behalf of Truist Bank, told customers that an unauthorized third party had accessed “a small number” of Truist employee accounts.

The letter explained that the “unauthorized party used these accounts to obtain the information of some Truist clients” and compromised information included names, dates of birth, financial account numbers, loan transaction amounts, and loan balances.

“At that time, our cybersecurity team promptly took steps to assess the intrusion and contain the unauthorized access,” the letter added.

Ruffin and Boyd noted in their complaints that the letter was missing important information as well, like the date the breach was detected, the vulnerabilities that were exploited, the identity of the cybercriminals, and the measures taken to prevent future breaches.

“This ‘disclosure’ amounts to no real disclosure at all, as it fails to inform, with any degree of specificity, plaintiff and class members of the data breach’s critical facts,” the plaintiffs argued. “Without these details, plaintiffs’ and class members’ ability to mitigate the harms resulting from the data breach is severely diminished.”

The complaints claim that the bank “knew or should have known that the [personal identifiable information] that they collected and maintained would be targeted by cybercriminals.”

About the Author
Penka Hristovska
Penka Hristovska
Senior Editor
Published on: July 5, 2024

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.

Leave a Comment