fbpx

Ally Bank, Ally Financial Customer Info Breach Class Action

Data breaches can be caused by a company’s failure to take sufficient measures to protect users’ private information. But how much worse is the fault when the exposure doesn’t even require a cyberattack, but is the result of the company’s own actions? The complaint alleges that in the case of the data exposure for Ally Bank and Ally Financial, Inc., “the Data Breach was entirely Ally’s doing.”

The class for this action is all persons in the US whose private information was compromised in the data breach announced by Ally Bank on or around June 11, 2021.

Banks are and other financial institutions are generally expected to have the highest levels of security for access to customer accounts.

Before the data breach, the complaint quotes Ally’s website as saying, “Keeping [customer accounts and personal information secure is a top priority for us” and “We use the latest encryption technology to help protect your information…”

However, it seems Ally Bank and Ally Financial can expose information all by itself. “In a June 11, 2021 data breach notification letter…,” the complaint alleges, Ally “disclosed that a programming code error associated with Ally’s website inadvertently revealed Ally’s customers’ usernames and passwords to third parties with whom Ally had business relationships.”

This exposure “did not result from a sophisticated attack perpetrated by cyber criminals or state sponsored hackers[,]” the complaint claims. Instead, “Ally negligently programmed its website portal to reveal, in clear unencrypted text [customers’] usernames and passwords used to access their Ally banking and investment accounts to Ally business partners.”

That’s not all. The complaint claims that “Ally also failed to adequately test or monitor the security of its website. Had Ally merely undertaken reasonable steps to test or monitor the security of its website, Ally would have immediately discovered and stopped revealing those usernames and passwords to third parties.”

After this “inexcusable” failure to protect customers’ information, the complaint claims, it then put off notifying the victims of the breach for nearly two months.

Since then, Ally has offered victims 24 months of Equifax credit monitoring. But, the complaint alleges, “Equifax does not fully protect [the victims] from identity theft, and even if it did, 24 months is by no means a sufficient duration of credit monitoring given the breadth and extent of personal and confidential information compromised in the Breach.”

The counts include negligence, negligence per se, breach of implied contract, and violation of the Virginia Personal Information Breach Notification Act, among other things.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Ally Bank, Ally Financial Customer Info Breach Complaint

August 13, 2021

Data breaches can be caused by a company’s failure to take sufficient measures to protect users’ private information. But how much worse is the fault when the exposure doesn’t even require a cyberattack, but is the result of the company’s own actions? The complaint alleges that in the case of the data exposure for Ally Bank and Ally Financial, Inc., “the Data Breach was entirely Ally’s doing.”

Ally Bank, Ally Financial Customer Info Breach Complaint

Case Event History

Ally Bank, Ally Financial Customer Info Breach Complaint

August 13, 2021

Data breaches can be caused by a company’s failure to take sufficient measures to protect users’ private information. But how much worse is the fault when the exposure doesn’t even require a cyberattack, but is the result of the company’s own actions? The complaint alleges that in the case of the data exposure for Ally Bank and Ally Financial, Inc., “the Data Breach was entirely Ally’s doing.”

Ally Bank, Ally Financial Customer Info Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy