SEATTLE–Retailer Eddie Bauer has reportedly reached a $9.8-million settlement with a credit union as the result of a January 2016 data breach.
As CUToday.info reported earlier, the lawsuit was filed in 2017 by Veridian Credit Union, which alleged sloppy security practices cost the CU and other credit unions significant related expenses. Efforts by Eddie Bauer to have the lawsuit tossed were rejected by the courts.
In its suit, Veridian had stated the security breach took place from on or around Jan. 2, 2016 to on or around July 17, 2016 and the names, credit and debit card numbers, card expiration dates, CVVs and other payment card data of customers at approximately 350 Eddie Bauer stores in the United States and Canada were exposed.
As a result, Veridian alleged it and other financial institutions were forced take one or more of the following actions: cancel or reissue any credit and debit cards affected by the breach; close and/or open or reopen any deposit, transaction, checking, or other accounts affected by the breach; refund or credit any cardholder to cover the cost of any unauthorized transaction relating to the Eddie Bauer Data Breach; respond to a higher volume of cardholder complaints, confusion, and concern; increase fraud monitoring efforts; and/or other lost revenues as a result of the breach.
‘Particularly Inexcusable’
“The failure of Defendant to adequately secure its data networks was particularly inexcusable given the fact that the infiltration underlying the Eddie Bauer Data Breach involved mostly the same techniques as those used in major data breaches in the preceding months and years, including those at other major retailers like Target, Home Depot, and Kmart,” the lawsuit stated. “Nevertheless, despite having knowledge that such data breaches were occurring throughout the retail industry, Defendant failed to properly protect sensitive payment card information.”
The suit had also alleged the company failed to “upgrade security systems, and failed to comply with industry standards by allowing its computer and point of sale systems to be hacked causing financial institutions’ payment card and customer information to be stolen.
Veridian CU had also stated the breach was exacerbated by Eddie Bauer failing to notify customers of the infiltration for approximately six weeks after it learned of it.