A Wells Fargo customer has filed a presumptive class action lawsuit against the financial services company over a personal-data exposure disclosed to authorities last month, alleging negligence and breach of fiduciary duty, among other violations.
Tamra Bacon contends Wells Fargo failed to properly safeguard customers' personally identifiable information in its network, including full names, addresses, phone numbers, email addresses, birth dates and numbers for driver's licenses, bank and brokerage accounts, credit cards and Social Security.
The breach, discovered in July, occurred when, as Wells Fargo explained in a letter to customers, "a former employee accessed, and in some cases used, customer information for fraudulent purposes."
The bank told customers their personal information was accessed between May 2022 and March 2023, that it had notified law enforcement and that it was offering identity theft protection services.
"Not until months after it claims to have discovered the data breach did (Wells Fargo) begin sending the notice" to people whose private information was potentially compromised, according to the lawsuit, filed Friday in U.S. District Court in California's northern district.
Wells Fargo supplied the letter to customers to the Vermont attorney general's office in September; the letter on file carries an August date. The lawsuit, however, alleges the bank waited roughly three months after discovering the breach to alert affected customers.
Bacon contends the notice lacked sufficient information on how the breach occurred, what measures have been taken to prevent further attacks and where the exposed personal information exists today.