Federal Credit Union Sued for Failure to Safeguard Personal Information During Data Breach
Lafayette Federal Credit Union (LFCU) was hit Friday with a class-action lawsuit for allegedly failing to safeguard the personal identifiable information (PII) of its customers, which later leaked in a data breach.
Sign up for a free preview to unlock the rest of this article
The security breach occurred because LFCU "failed to take reasonable measures to protect the Private Information they collected and stored," the complaint said. The credit union "failed to implement data security measures designed to prevent this attack, despite repeated public warnings to the financial industry about the risk of cyberattacks and the highly publicized occurrence of many similar attacks in the recent past on financial institutions."
According to the complaint, filed in the U.S. District Court for Maryland, LFCU experienced a data breach in September 2024 where personal data was exposed, including names, financial account information, loan account number, and Social Security numbers. But it wasn't until March 2025 that plaintiff Joseph Mausteller received a notice letter informing him that his PII had been leaked, he alleged in case 25-01039.
Mausteller said the breach was enabled by LFCU's "violation of their obligations to abide by best practices and industry standards concerning the security of consumers’ records and Private Information," and the failure to comply with security standards allowed the PII to be compromised.
LFCU did not immediately respond to a request for comment.