SEATAC, Wash.—A Las Vegas woman has filed a proposed class action against $130-million Alaska Air Group Credit Union here, alleging the CU failed to use reasonable cybersecurity safeguards before a March cyberattack exposed member data, according to Law360.
The complaint was filed in Washington state court by plaintiff Hope Abrams.
AAGCU said in breach notices that on or about March 5 its third-party IT service provider suffered a cybersecurity incident that let unauthorized actors use that provider’s system to access AAGCU systems. The CU said investigators determined the attackers “may have accessed and copied” certain AAGCU files.
The credit union said the files may have contained account numbers, dates of birth, driver’s license numbers, passport numbers, Social Security numbers, tax identification numbers and routing numbers, but said no passwords, PINs or similar data were involved. AAGCU said it was offering affected members 24 months of Experian IdentityWorks credit monitoring and identity-restoration services.
The incident reportedly affected 10,705 individuals, according to breach-tracking and plaintiffs-firm notices citing official disclosures.