USAA Bank, a major financial institution, has agreed to a $3.25 million settlement in a class-action lawsuit stemming from a 2021 data breach. While the insurer maintains its innocence, the settlement resolves a significant legal challenge related to the unauthorized exposure of customer data. Although the settlement agreement itself remains sealed by a judge, information obtained by My San Antonio (MySA) offers insights into the case’s details and the distribution of funds.
The 2021 USAA Bank Data Breach and the Origin of the Lawsuit
The lawsuit alleged that USAA Bank failed to adequately protect customer information obtained from motor vehicle records, including drivers’ license numbers, which were used in its quoting system. Vincent Dolan, the original plaintiff, stated that this lapse in security allowed a stranger to access his personal information and fraudulently open a USAA membership account without his knowledge. Dolan only learned of the breach when USAA sent a notification letter in 2021. Following this discovery, Dolan filed suit in July 2021, and the class action subsequently grew to include over 22,000 individuals.
USAA Bank Settlement Details and Payouts
According to MySA’s reporting, the settlement will likely result in a substantial payout for Dolan, potentially reaching $10,000. Other claimants in the class action suit will receive approximately $100 each. This distribution reflects a tiered approach to compensation, acknowledging the varying levels of impact experienced by affected individuals. The total settlement amount of $3.25 million reflects the collective financial impact of the USAA bank data breach on the affected individuals.
A Second Data Breach and Subsequent Lawsuit
This settlement isn’t USAA’s only encounter with data breach issues in 2024. In April, an internal system error during a routine update exposed the personal information of approximately 32,000 policyholders. USAA notified customers in August 2024, after completing an investigation that concluded on July 31, 2024. The compromised data included names, addresses, emails, birth dates, social security numbers, driver’s license numbers, passport numbers, vehicle VINs, policy details, loan numbers, and medical information.
A separate class-action lawsuit has been filed concerning this April 2024 incident, alleging negligence on USAA’s part and a failure to promptly notify affected customers. One plaintiff claims that their private data appeared on the dark web, leading to fraudulent credit card charges. This second USAA bank data breach highlights ongoing concerns about the institution’s data security practices.
