In October 2024, a data breach at South Carolina Federal Credit Union exposed the personal information of at least seven members, leading to a consolidated legal complaint. The U.S. District Court dismissed the case without prejudice, citing the plaintiffs' failure to establish a direct link between the breach and subsequent fraudulent charges on their accounts. While three members reported unauthorized transactions, the court ruled their claims lacked sufficient evidence to prove the credit union’s negligence caused the harm. The breach involved sensitive financial data, but the plaintiffs could not demonstrate that the compromised information (e.g., account details, personal identifiers) was the source of the fraud. The court allowed a 30-day window to amend the complaint, emphasizing the need for clearer traceability. The incident highlights vulnerabilities in financial institutions’ data protection measures and the legal challenges victims face in proving damages from cyber incidents where causality is disputed.
Source: https://www.jdsupra.com/legalnews/district-court-holds-plaintiffs-lacked-7076859/
TPRM report: https://www.rankiteo.com/company/south-carolina-federal-credit-union
"id": "sou0702307102125",
"linkid": "south-carolina-federal-credit-union",
"type": "Breach",
"date": "10/2024",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'At least seven members '
'(plaintiffs in the lawsuit)',
'industry': 'Financial Services',
'location': 'South Carolina, USA (jurisdiction of U.S. '
'District Court for the District of South '
'Carolina)',
'type': 'Credit Union'}],
'data_breach': {'personally_identifiable_information': 'Yes (implied by '
'fraudulent charges '
'and legal context)',
'sensitivity_of_data': 'High (linked to identity theft and '
'fraud risk)',
'type_of_data_compromised': 'Personal Information'},
'description': 'On October 9, the U.S. District Court for the District of '
'South Carolina dismissed without prejudice a consolidated '
'complaint brought by seven members of a credit union whose '
'personal information was compromised in a 2024 data breach. '
'The court ruled that plaintiffs lacked standing due to '
'failure to allege injuries traceable to the credit union’s '
'conduct. While three plaintiffs claimed fraudulent charges, '
'the complaint did not plausibly link these to the breach. The '
'case was dismissed but plaintiffs were given 30 days to amend '
'their complaint.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'breach and legal dismissal (publicly '
'disclosed)',
'customer_complaints': 'Seven members filed a consolidated '
'complaint (legal action)',
'data_compromised': ['Personal Information (unspecified)'],
'identity_theft_risk': 'Alleged (fraudulent charges reported by '
'three plaintiffs, though traceability not '
'established)',
'legal_liabilities': 'Consolidated complaint dismissed (without '
'prejudice); plaintiffs given 30 days to '
'amend for traceability defects',
'payment_information_risk': 'Alleged (fraudulent charges on bank '
'accounts/credit cards, though '
'traceability not established)'},
'investigation_status': 'Legal proceedings ongoing (complaint dismissed '
'without prejudice; plaintiffs may refile)',
'references': [{'source': 'U.S. District Court for the District of South '
'Carolina'}],
'regulatory_compliance': {'legal_actions': 'Consolidated complaint filed by '
'seven members; dismissed without '
'prejudice (October 9, 2024). '
'Plaintiffs given 30 days to amend '
'pleadings.'},
'title': '2024 Credit Union Data Breach and Subsequent Legal Dismissal',
'type': 'Data Breach'}