Eight proposed class-action lawsuits have been filed in federal court against the $1 billion Connex Credit Union in New Haven, Conn., following a data security breach that potentially exposed personal information of approximately 172,000 individuals, according to court documents.
Susan Thomas filed the first lawsuit in U.S. District Court in New Haven on Aug. 13, just a week after the credit union began mailing notification letters to its members about the external cyber hack. Andrea Arroyo filed the eighth proposed class action lawsuit Tuesday. Connex currently serves 70,328 members.
Thomas is suing Connex for alleged negligence, breach of implied contract, invasion of privacy and unjust enrichment. The seven other lawsuits also cited the same or similar civil claims.
“Connex experienced a cybersecurity incident that resulted in a temporary interruption of service in June. We immediately took measures to secure our systems and initiated an investigation with the assistance of external experts,” Connex President/CEO Frank Mancini said. “Our investigation recently concluded that certain Connex member personal information could have been involved. We are in the process of notifying our members and offering them complimentary credit monitoring and identity protection services. Importantly, we have no reason to believe member accounts or funds were impacted or otherwise subject to unauthorized access. We greatly appreciate the patience and understanding of our members during this time.”
On June 3, the credit union said it experienced unusual activity in its cyber environment and immediately started an investigation using independent experts to assist. Connex began mailing notification letters to members on Aug. 7, according to disclosures filed with the Maine Attorney General’s Office.
In its letter to members, Connex said some of its files had been accessed or downloaded without authorization between June 2 and 3. Additionally, on July 27, Connex also said it identified certain individuals whose personal information may have been involved in the incident. However, the number of individuals was not disclosed.
Potentially affected data included names, accounts numbers, debit card information, Social Security numbers and other government-issued IDs used to open accounts. Connex emphasized that it has no reason to believe member accounts or funds were accessed.
Peter Strozniak can be reached at pstrozniak@cutimes.com.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.