Class-action lawsuit filed against RBS WorldPay following breach

Legal action comes in wake of breach at payment processor and massive ATM scam.

A class-action lawsuit was filed against RBS WorldPay following a breach of the payment processor's computer system that led to a coordinated ATM scam.

SearchFinancialSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Three law firms filed the lawsuit last week claiming that the Atlanta-based company failed to comply with industry security standards to protect customers' personal data. "RBS' data security environment failed to meet industry standards, including, but not limited to, ISO and PCI requirements," the lawsuit states.

The suit also contends the company failed to provide timely notice of the breach, and offered inadequate credit monitoring services to customers whose Social Security numbers were compromised. RBS discovered the breach on Nov. 10 but did not announce it until Dec. 23, according to the lawsuit.

RBS WorldPay, the U.S. payment processing arm of the Royal Bank of Scotland, reported that personal information of about 1.5 million pre-paid cardholders and other individuals was compromised when its computer system was hacked. The Social Security numbers of 1.1 million of those cardholders may also have been compromised, the company said.

The stolen data was used in a highly-coordinated ATM scam involving cloned payroll debit cards and reloadable gift cards, according to the FBI. The agency is investigating the attack, which occurred in several cities reportedly on Nov. 8. According to published reports, the criminals made off with $9 million.

The suit contends that RBS was intimately familiar with industry data security standards and should have known that its computer system for processing and storing the plaintiffs' personal and financial information was not secure.

Last month, a class-action lawsuit was filed against another payment processor, Heartland Payment Systems Inc., which disclosed in January that criminals broke into its processing system last year.

The lawsuit against RBS WorldPay was filed by Atlanta-based Doffermyer Shields Canfield & Knowles LLC, Sheller P.C. of Philadelphia and Finkelstein Thompson LLP of Washington, D.C. It seeks damages, credit monitoring services and/or identity theft insurance for the plaintiffs, and that RBS WorldPay be required to improve its computer security.

This Content Component encountered an error

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close