Credit union sues Eddie Bauer for failing to prevent data breach
SEATTLE — A credit union has sued Eddie Bauer, alleging that the clothing retailer failed to take adequate steps to protect against a hack that swiped the credit- card information of customers last year.
Veridian Credit Union accused Eddie Bauer, headquartered outside Seattle, of deploying lax security standards, forcing Veridian and other financial institutions to bear costs related to theft of payment-card information from the clothier’s point- of- sale systems.
The Waterloo, Iowa, credit union filed the suit, which is seeking classaction status, in federal court in Seattle on Tuesday.
An Eddie Bauer spokesman said the company would defend itself against the claims in the lawsuit and declined further comment. Eddie Bauer in August disclosed that the company had discovered malware on its point- ofsale systems at its stores in the U.S. and Canada. The company said credit- and debit-card payments made between Jan. 2, 2016, and July 17, 2016, may have been accessed.
Online sales weren’t affected.
It appears that hundreds of thousands, or perhaps millions, of customers had their payment card information compromised, the lawsuit said.
Eddie Bauer, the complaint says, was negligent, and should compensate financial institutions for costs related to reissuing stolen credit and debit cards, refunding unauthorized transactions and other fallout from the breach.
The deficiencies in Eddie Bauer’s security system include “a lack of elementary security measures that even the most inexperienced ( information technology) professional could identify as problematic,” the complaint said.
The company failed to implement chip-based card anti- fraud technology, and exacerbated the problem by failing to notify customers for weeks after learning about the problem, the lawsuit says.