BreachExchange mailing list archives
Eddie Bauer reaches $9.8 million settlement deal over leak of 1 million Veridian accounts
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 1 May 2019 09:02:04 -0500
https://www.zdnet.com/article/9-8-million-settlement-reached-over-the-leak-of-1-million-veridian-credit-union-accounts/ Eddie Bauer and the Veridian Credit Union have reached a $9.8 million compensation deal to settle a class action lawsuit over the leak of data belonging to one million Veridian customers. The case, Veridian Credit Union v. Eddie Bauer LLC (2:17-cv-00356), was filed in the US District Court for the Western District of Washington. The $9.8 million settlement was filed last week and requires court approval. As noted by Top Class Actions, the class-action lawsuit was filed following a data breach in 2016. It was claimed that Eddie Bauer's lack of adequate security practices allowed the security incident to occur, leading to the compromise of roughly one million Veridian customer accounts. Payment card data including names, card numbers, expiration dates, and security codes were reportedly compromised. The case argued that due to the retailer's negligence, financial institutions including Veridian then incurred costs including the cancellation and re-issue of cards, as well as the need to provide additional customer support. It was reported at the time that every Eddie Bauer store in the United States and Canada was impacted, which equates to roughly 350 physical outlets. However, customers were not informed until six weeks after the company learned of the cyberattack. Two years have passed since the data breach and now litigation between the companies may finally be at an end. The court overseeing the case had to decide whether to apply Washington or Iowa law -- as Eddie Bauer is headquartered in the former and Veridian is based in the latter -- and as there are conflicts in the two states' interpretation of liability and negligence laws, the court eventually chose Washington which permits cases based on negligence relating to contractual relationships and duty of care. Under the terms of the settlement, $1 million to $2.8 million has been set aside in 'compensation' for customers -- which equates to $2 per customer which had a card involved in the breach -- and potentially more if every customer does not claim their due. In addition, over $5 million will be set aside to boost Eddie Bauer's security, and $2 million will cover legal fees and administration costs. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Eddie Bauer reaches $9.8 million settlement deal over leak of 1 million Veridian accounts Destry Winant (May 02)