Two lawsuits filed against Ally Bank this month accuse the company of failing to protect customer data from breaches and of taking too long to notify customers after the compromise of personal data, including Social Security numbers. Data-breach lawsuits have become more common as breaches themselves happen with unrelenting frequency. The number of data breaches in the U.S. rose from 447 in 2012 to more than 3,200 in 2023, according to Statista . In a more recent trend, cybercriminals often publish and sell the stolen customer data on the dark web. “We’re at the ‘unsafe at any speed’ point in data,” said consultant Allison Sagraves, who formerly was chief data officer at M&T Bank. “Customers are smart enough to know that digital products need to be designed with reasonable safety protocols. Digital negligence is real — consumers expect companies to use appropriate safety protocols. Breaches will happen, but we need to continue to work on building safer digital traffic.”
* Both lawsuits were filed in the U.S. District Court Western District of North Carolina. * Both lawsuits claim that Ally Financial and its banking subsidiary failed to implement adequate and reasonable cybersecurity procedures and protocols.
He was then notified that his auto loans were being sold to a third-party company. He was not informed about the breach or the sale until after the fact. This incident highlights a significant issue with Ally’s customer communication practices. Ally’s failure to inform customers about the breach and subsequent sale of their auto loans raises serious concerns about the bank’s transparency and accountability.
The complaint also alleges that the company failed to train its employees on cybersecurity best practices, leaving them vulnerable to phishing attacks and other cyber threats.
The suit alleges that the bank has been negligent in its data security practices, leading to a breach that exposed the personal information of millions of customers. This negligence, the suit claims, has resulted in significant financial and reputational damage to the customers and the bank itself. The suit seeks to hold the bank accountable for its negligence and to ensure that it takes appropriate measures to prevent future data breaches.
Owens believes this information was published and sold on the dark web by cybercriminals, according to the lawsuit. Ally failed to adequately protect, encrypt or redact sensitive personally identifiable information, the complaint states. “The exposure of one’s PII to cybercriminals is a bell that cannot be un-rung,” the complaint states. “Before this Data Breach, Plaintiff’s and the Class’s PII was exactly that — private. Not anymore. Now, their PII is forever exposed and unsecure.” Lawsuits like these will drive more investment in cybersecurity, Sagraves said. “As a litigious society, we don’t always get this balance right,” she said.
news is a contributor at gdprIQ. We are committed to providing well-researched, accurate, and valuable content to our readers.
