fbpx

American Bank Systems Exposes Financial Institution Customers’ PII Class Action

This class action brings suit against American Bank Systems, Inc. (ABS), claiming that it has responsibility for its recent data breach. The complaint blames the company “for failing to comply with industry standards to protect information systems that contain PII, and for failing to provide timely, accurate, and adequate notice” to victims that their information had been exposed.

The class for this action is all individuals in the US and its territories whose PII was exposed in the ABS data breach which occurred between October and November 2020.

All individuals in the United States, and its territories, whose PII was compromised in the American Bank Systems Data Breach which occurred between October and November 2020.

A group called Avaddon claimed to have perpetrated the attack. It issued a “leak warning” that claimed the group had hacked into ABS’s system and taken more than fifty gigabytes (GB) of information, including the personally identifiable information (PII) of ABS’s customers. Some reports claim that the group published a 4 GB sample of the stolen information. Avaddon asked for a ransom in exchange for returning and not releasing the data.

The complaint alleges, “It appears that when ABS did not pay the fee, Avaddon published a 52.57 GB dump of the remaining data. What is particularly notable is that much of the data that was disclosed seems to have been stored by ABS as “unencrypted, plain-text files” that anyone could read.

ABS’s business is providing compliance and document management services to its customers, who are some 350 financial companies across 35 states. It therefore naturally works with files that have highly sensitive PII.

One of ABS’s customer is Freedom Bank of Southern Missouri, which used ABS to store customer information. The plaintiff in this case, Larry Lyles, is a customer of Freedom. ABS told freedom about the data breach on November 20, 2020, about ten days after it found out about the hack, but did not tell Lyles until the following month.

On December 10, 2020, ABS sent a notice to Freedom’s customers, including Lyles, the complaint says, telling them that their PII had been compromised in a data breach. Lyles’s information is now in the hands of unauthorized third parties, putting him at risk of identity theft for year to come.

The complaint’s counts allege violations of the Oklahoma Consumer Protection Act, negligence, negligence per se, and unjust enrichment. It asks for a declaratory judgment against ABS, requiring it to put in place “reasonably sufficient practices to safeguard PII” kept in its systems.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

American Bank Systems Exposes Financial Institution Customers’ PII Complaint

January 11, 2021

This class action brings suit against American Bank Systems, Inc. (ABS), claiming that it has responsibility for its recent data breach. The complaint blames the company “for failing to comply with industry standards to protect information systems that contain PII, and for failing to provide timely, accurate, and adequate notice” to victims that their information had been exposed.

American Bank Systems Exposes Financial Institution Customers’ PII Complaint

Case Event History

American Bank Systems Exposes Financial Institution Customers’ PII Complaint

January 11, 2021

This class action brings suit against American Bank Systems, Inc. (ABS), claiming that it has responsibility for its recent data breach. The complaint blames the company “for failing to comply with industry standards to protect information systems that contain PII, and for failing to provide timely, accurate, and adequate notice” to victims that their information had been exposed.

American Bank Systems Exposes Financial Institution Customers’ PII Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy