The bank faced a data breach in August and is now facing a class action lawsuit.
What happened
In August of 2024, Wells Fargo filed a notice of a data breach with the Attorney General of Vermont.
According to the notice, the breach was the result of a former employee accessing information after the employee’s termination. The former employee was able to access and, according to the report, use some customer information for fraudulent purposes.
Upon discovering the incident, Wells Fargo said they immediately began an investigation. The investigation revealed that personal information may have been accessed between May 2022 and March 2023.
Accessed data may have included names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, driver’s license numbers, bank account numbers, credit/debit card numbers, broker account numbers, and loan/credit line information.
In response to the incident, Wells Fargo said they “take [their] responsibility to safeguard your information very seriously…We are taking measures to monitor your account(s) for suspicious events or changes and continually review our security measures to reduce the likelihood of this happening in the future.”
Additionally, Wells Fargo is offering credit monitoring to impacted customers.
What’s new
Now, Wells Fargo is facing a class action suit. The lead plaintiff, Tamra Bacon, alleges that the hack was preventable and impacted thousands of customers. Bacon says the incident has caused her financial difficulty and emotional stress. She also stated that the stress has been compounded “by the fact that Defendant has still not fully informed her of key details about the Data Breach’s occurrence.”
According to the complaint, there are currently over 100 class members. Members are seeking financial relief and accountability.
The big picture
Class action suits are becoming the norm following data breaches like these. Many result in a settlement, with organizations agreeing to improve security and provide financial relief to class action members.
While many breaches are preventable, they can be difficult without the right software, tools, or policies. Often, breaches are caused by human error–employees clicking on the wrong links or accidentally sharing access information. In this case, the breach could have potentially been avoided if the former employee’s account credentials were disabled.
Data breaches and the resulting class action lawsuits can place a significant financial burden on organizations. These organizations may have to quickly improve their security posturing, all while trying to save their reputation and assist impacted customers. The best strategy is to have a strong cybersecurity system and processes, ensuring that only authorized individuals have access to private information.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
