On March 13, a federal credit union filed a lawsuit against a national retailer and parent company, alleging their actions during a September 2014 data breach injured credit unions, banks, and other financial institutions. Greater Chautauqua FCU v. Kmart Corp and Sears Holdings Corp., No. 15-cv-2228, (N.D.Ill. Mar.13,2015) claimed that due to the data breach the credit union had to: (a.) cancel or reissue any credit and debit cards affected by the breach; b. close any deposit, transaction, checking, or other accounts affected by the breach; (c.) open or reopen any deposit, transaction, checking, or other accounts affected by the breach; (d.) refund or credit any cardholder to cover the cost of any unauthorized transaction relating to the breach; (e.) respond to a higher volume of cardholder complaints, confusion, and concern; (f.) increase fraud monitoring efforts; and (g.) lose revenue as a result of a decrease in card usage after breach was disclosed. The suit claims that the credit union believes that “failure to adequately secure their data was inexcusable.” In addition, the retailer failed to detect or notify customers for a period of at least five weeks.
The lawsuit alleges damages in excess of $5,000,000 for violations of the Illinois Personal Information Protection Act, the Illinois Consumer Fraud and Deceptive Business Act, and New York General Business Law, as well as negligence, and negligent misrepresentation and/or omission.
Read the Class Action Suit.