
Ally Financial Programming Error Data Exposure California Class Action

Data breaches, which expose personally identifiable information (PII) to other parties, are normally a result of cybercriminals gaining access to a company’s or institution’s files. In the case of the unauthorized exposure of information held by Ally Bank and Ally Financial, Inc., no cybercriminals were involved; the complaint for this class action alleges that the event was the result of a website programming error.

The class for this action is all California citizens whose PII was compromised in the data breach announced by Ally Bank on or about June 11, 2021.

Ally Financial is a bank and financial holding company. Ally Bank is its subsidiary and one of the largest online-only banks in the nation, with about 2.5 million customers and $139 billion in deposits. Like all banks and financial companies, it collects sensitive and private information on its customers, including full names, addresses, dates of birth, Social Security numbers, and information on their occupations.

It advertises, “Your security is one of Ally’s top priorities. For your protection, only people who need your information to do their jobs have access to the personal information you provide us…” It claims to use something called Transport Layer Security (TLS) Encryption, “to help protect your information” and also to maintain “administrative, technical, and physical safeguards designed to protect your personal information.”

It offers the slogan “Do It Right” as its philosophy.

But Ally allegedly did not “Do It Right” when it permitted a programming code error to inadvertently share customers’ usernames and passwords with other entities with which it had relationships.

Ally claims that it first discovered the programming code error on April 12, 2021. However, it did not tell customers their information had been exposed to others until nearly two months after that, on June 11, 2021, when a Notice was sent out. The Notice admitted to the programming code error and stated, “Upon detecting the error … we immediately updated the programming code to ensure it no longer included username and password information.”

According to the complaint, Ally customers have pointed out important information not included in the Notice.

  • It does not explain why it took Ally two months to notify them.
  • It does not reveal the identities of the third parties that received Ally customers’ private information.
  • It does not say how long the error was active and improperly revealing information.
  • It does not say how the recipients might have used or monetized the information.
  • It does not say what these parties are now doing to ensure that the information is protected and how Ally can be sure that the information has been deleted.

The complaint alleges, “Ally’s negligence in safeguarding is particularly egregious in light of its repeated warnings to customers about protecting and securing their data, as well as Ally’s knowledge of the consequences from other companies’ data breaches.”

The causes of action include negligence, negligence per se, and violations of the California Consumer Privacy Act and the California Customer Records Act, among other things.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Ally Financial Programming Error Data Exposure California Complaint

November 2, 2021


Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy