[BreachExchange] Eddie Bauer reaches $9.8 million settlement deal over leak of 1 million Veridian accounts
Destry Winant
destry at riskbasedsecurity.com
Wed May 1 10:02:04 EDT 2019
https://www.zdnet.com/article/9-8-million-settlement-reached-over-the-leak-of-1-million-veridian-credit-union-accounts/
Eddie Bauer and the Veridian Credit Union have reached a $9.8 million
compensation deal to settle a class action lawsuit over the leak of
data belonging to one million Veridian customers.
The case, Veridian Credit Union v. Eddie Bauer LLC (2:17-cv-00356),
was filed in the US District Court for the Western District of
Washington.
The $9.8 million settlement was filed last week and requires court approval.
As noted by Top Class Actions, the class-action lawsuit was filed
following a data breach in 2016. It was claimed that Eddie Bauer's
lack of adequate security practices allowed the security incident to
occur, leading to the compromise of roughly one million Veridian
customer accounts.
Payment card data including names, card numbers, expiration dates, and
security codes were reportedly compromised.
The case argued that due to the retailer's negligence, financial
institutions including Veridian then incurred costs including the
cancellation and re-issue of cards, as well as the need to provide
additional customer support.
It was reported at the time that every Eddie Bauer store in the United
States and Canada was impacted, which equates to roughly 350 physical
outlets. However, customers were not informed until six weeks after
the company learned of the cyberattack.
Two years have passed since the data breach and now litigation between
the companies may finally be at an end.
The court overseeing the case had to decide whether to apply
Washington or Iowa law -- as Eddie Bauer is headquartered in the
former and Veridian is based in the latter -- and as there are
conflicts in the two states' interpretation of liability and
negligence laws, the court eventually chose Washington which permits
cases based on negligence relating to contractual relationships and
duty of care.
Under the terms of the settlement, $1 million to $2.8 million has been
set aside in 'compensation' for customers -- which equates to $2 per
customer which had a card involved in the breach -- and potentially
more if every customer does not claim their due.
In addition, over $5 million will be set aside to boost Eddie Bauer's
security, and $2 million will cover legal fees and administration
costs.
More information about the BreachExchange
mailing list