$5 Million Lawsuit - Veridian Credit Union's Alleged Data Breach

In a recent class action lawsuit, Ghassan Mohsen, represented by Roxanne Conlin & Associates, P.C., has filed a case against Veridian Credit Union. The lawsuit alleges that Veridian Credit Union failed to implement and maintain reasonable security procedures and practices, resulting in a data breach that compromised the private and confidential information of its customers. The case was filed on June 12, 2023, in the U.S. District Courts in the Iowa Northern District.

What Laws Did Veridian Credit Union Allegedly Violate?

The lawsuit alleges that Veridian Credit Union violated several laws, including the Federal Trade Commission Act, 15 U.S.C. § 45, which prohibits “unfair . . . practices in or affecting commerce,” including the failure to use reasonable measures to protect confidential data. The defendant is also accused of violating Iowa Code §§ 715C.2(1) and 715C.2(9), which require immediate notification of a data breach to victims.

Furthermore, the defendant is alleged to have violated Kentucky law, which requires companies to exercise due care in collecting, storing, and safeguarding their customers' personal information. The defendant is also accused of violating California Civil Code Sections 1798.82, et seq. (CCRA), which mandates companies to disclose any breach of the security of the system following discovery or notification of the breach.

What Led to the Filing of the Lawsuit?

The plaintiff alleges that Veridian Credit Union required customers to submit private, confidential personal identifiable information (PII) as a condition of applying for and receiving financial services. The defendant is accused of failing to take commercially reasonable steps to safeguard consumer PII. The plaintiff quotes, “Defendant voluntarily received in confidence Plaintiff’s and Class Members' PII with the understanding that the PII would not be disclosed or disseminated to the public or any unauthorized third parties”.

Furthermore, the plaintiff alleges that Veridian Credit Union had an implied contract with customers to protect their PII, and that the defendant breached this implied contract by failing to protect their PII. The plaintiff quotes, “Defendant breached the covenant of good faith and fair dealing implied in its contracts with Plaintiff and Class Members”.

Who Are the Class Members?

The class members in this case are current and former customers of Veridian Credit Union who had their PII compromised in the data breach. This includes their families and members of their staff. The criteria for being a part of the class is that the individual's PII was compromised in the data breach. The class members are located in the state of Kentucky.

The class members are eligible for damages, civil penalties, punitive damages, and/or injunctive relief. The lawsuit seeks to represent a class of individuals whose PII was compromised due to the alleged negligence of Veridian Credit Union.

What Damages is the Plaintiff Seeking?

The plaintiff and the class members are seeking damages, civil penalties, punitive damages, and/or injunctive relief. While the exact dollar amount is not stated in the complaint, it is understood that the damages sought are at least five million dollars. The lawsuit claims that Veridian Credit Union violated applicable data security laws and regulations, failed to adhere to industry standards, and breached the covenant of good faith and fair dealing implied in its contracts with the plaintiff and class members.

The lawsuit seeks to hold Veridian Credit Union accountable for its alleged failure to protect the PII of its customers, and to compensate the victims for the harm they have suffered as a result of the data breach.

What Could Be the Next Steps in the Case?

The next steps in the case will likely involve the court determining whether the case can proceed as a class action. If the court certifies the class, the case will move forward with the plaintiff representing the class members. The defendant will then have the opportunity to respond to the allegations.

Depending on the outcome of these proceedings, the case may go to trial, or the parties may reach a settlement. In either scenario, the goal of the lawsuit is to hold Veridian Credit Union accountable for its alleged failure to protect the PII of its customers, and to compensate the victims for the harm they have suffered as a result of the data breach.