SunTrust Hit With Class Action After 1.5M Customers' Data Breached
Morgan & Morgan filed the putative class action against the bank yesterday on behalf customers whose private information may have been disclosed in a data breach.
May 18, 2018 at 11:34 AM
3 minute read
A putative class action has been filed against SunTrust Bank on behalf of an estimated 1.5 million customers whose private information the bank said may have been disclosed in a data breach.
The lawsuit comes after SunTrust's public revelation that a former employee accessed its customers' names, addresses, phone numbers and account balances.
“SunTrust has acknowledged that approximately 1.5 million customers' PII [personally identifiable information] were compromised; what is presently unknown is for what period of time this information was compromised and being taken for malicious purposes,” said the complaint filed in the U.S. District Court for the Northern District of Georgia by John Yanchunis and Ryan McGee of Morgan & Morgan's Tampa office.
In a prepared statement, Yanchunis said the lawsuit “seeks to hold SunTrust accountable from its acknowledged failure to keep safe the information entrusted to it. In effect, SunTrust acted as the trustee for its customers, and it was the responsibility of SunTrust to ensure the security of customers' information.”
The complaint seeks unenumerated “actual and consequential damages, exemplary damages and attorneys' fees” and other damages.
In an email, SunTrust's chief communications officer Sue Mallino said “SunTrust cares deeply about the security of client information, and we promptly and proactively notified individuals that may have been affected. We have heightened our monitoring of accounts, increased other security measures, and are offering identity theft protection services at no cost to our consumer banking clients.”
The breach became public on April 20, when SunTrust announced it “became aware of potential theft by a former employee of information from some of its contact lists. Although the investigation is ongoing, SunTrust is proactively notifying approximately 1.5 million clients that certain information, such as name, address, phone number and certain account balances may have been exposed.”
The bank said the contact lists did not include information information such as Social Security numbers, account numbers, PINs or passwords.
The bank said that, in addition to offering free credit monitoring, it was “working with outside experts and coordinating with law enforcement.”
The complaint named three class plaintiffs, and said that Suntrust's failure to timely disclose the breach prevented meant its customers were delayed in trying to mitigate the consequences of the breach “and the damage which might follow.”
The breach “was the inevitable result of SunTrust's inadequate approach to data security and the protection of the [personally identifiable information] that it collected during the course of its business,” it said.
Among the claimed damages are the plaintiffs' time spent “searching for fraudulent activity, taking the time to secure or purchasing credit monitoring and identity theft protection services, and the stress, nuisance and annoyance” of dealing with the data theft.
The suit also cited “the imminent and certainly impending injury” the plaintiffs will likely suffer “as a result of their personal information being placed in the hands of criminals and already misused via the sale of plaintiffs' and class members' information on the Internet black market.”
Read the lawsuit:
|This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Sanctions Order Over Toyota's Failure to Provide English Translations of Documents Vacated by Appeals Court
4 minute read
Burr & Forman, Smith Gambrell & Russell Promote More to Partner This Year
7 minute read
Trending Stories
- 1Legal Tech's Predictions for Artificial Intelligence in 2025
- 2Tyson & Mendes Appoints Cayce Lynch First Female Nationwide Managing Partner
- 3Spellbook Expands Deeper Into the In-house Market
- 4Here’s Looking at You, Starwood: A Piercing the Corporate Veil Story?
- 5Obtaining an Edge in Appellate Advocacy
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
