Texas man sues USAA over April data breach that affected 32,276 members’ personal information
An April data breach at USAA has sparked a potential class-action lawsuit against the San Antonio insurance and financial services company.
In a complaint filed Thursday in federal court in San Antonio, USAA member Maurice Fitzpatrick of Belton said there are at least 100 class members whose claims exceed $5 million as a result of the breach that affected the personal information of 32,275 USAA customers. Nearly 4,200 of those members are Texans.
A spokesman for USAA, which has not been served with the complaint, had no comment.
The company notified affected members in an Aug. 27 letter that some documents for members with property and casualty insurance products with USAA were inadvertently posted to another member's online account.
It added that its investigation found no evidence of fraud or identity theft resulting from the incident, which exposed members' names, addresses, Social Security and driver's license numbers, dates of birth and medical information.
Fitzpatrick, though, says in his complaint that his personal information is being disseminated on the dark web, according to Capital One and Credit Karma. He also says he experienced about $950 in fraudulent charges to his American Express card in August and an increase in spam calls, texts and emails.
The dark web is a network of websites not indexed by search engines and often associated with illegal activities such as selling stolen data.
USAA attributed the breach to a system error that occurred during a routine update to its document delivery system. It said it took steps to remove the inadvertently posted documents and has offered identity theft protection to affected members.
Fitzpatrick is suing USAA for negligence, breach of implied contract and unjust enrichment. He wants the court to require USAA to take a number of steps, including engaging independent third-party security auditors and internal personnel to run automated security monitoring.
The April breach was the second in the span of less than two years at USAA. In June 2023, USAA reported the personal information of an estimated 19,000 members had been exposed online as a result of a breach that occurred between Dec. 20, 2022, and May 18, 2023.
USAA said a third-party contractor shared member access credentials with unauthorized individuals, giving them access to members' personal and financial information.
It's become the norm for businesses affected by data breaches to have to defend themselves against lawsuits. Other San Antonio businesses that have been hit with similar suits include CentroMed, Frost & Sullivan Inc. and Generations Federal Credit Union.
Dallas attorney Joe Kendall represents Fitzpatrick. Kendall filed four of at least six potential class-actions suit over a data breach at San Antonio's South Texas Oncology and Hematology PLLC earlier this year. That breach may have compromised the personal health information of more than 170,000 patients.
This story was originally published September 30, 2024, 6:47 PM.
