Eddie Bauer reaches $9.8 million settlement deal over leak of 1 million Veridian accounts

Eddie Bauer and the Veridian Credit Union have reached an agreement to settle the data breach case.

Commonwealth floats increased penalties for privacy breaches

Eddie Bauer and the Veridian Credit Union have reached a $9.8 million compensation deal to settle a class action lawsuit over the leak of data belonging to one million Veridian customers.

The case, Veridian Credit Union v. Eddie Bauer LLC (2:17-cv-00356), was filed in the US District Court for the Western District of Washington.

The $9.8 million settlement was filed last week and requires court approval.

See also: Data breach exposes diagnosis data of 34,000 medical marijuana patients

As noted by Top Class Actions, the class-action lawsuit was filed following a data breach in 2016. It was claimed that Eddie Bauer's lack of adequate security practices allowed the security incident to occur, leading to the compromise of roughly one million Veridian customer accounts.

Payment card data including names, card numbers, expiration dates, and security codes were reportedly compromised

The case argued that due to the retailer's negligence, financial institutions including Veridian then incurred costs including the cancellation and re-issue of cards, as well as the need to provide additional customer support. 

It was reported at the time that every Eddie Bauer store in the United States and Canada was impacted, which equates to roughly 350 physical outlets. However, customers were not informed until six weeks after the company learned of the cyberattack.

Two years have passed since the data breach and now litigation between the companies may finally be at an end.

TechRepublic: How the cloud is evolving to improve enterprise security

The court overseeing the case had to decide whether to apply Washington or Iowa law -- as Eddie Bauer is headquartered in the former and Veridian is based in the latter -- and as there are conflicts in the two states' interpretation of liability and negligence laws, the court eventually chose Washington which permits cases based on negligence relating to contractual relationships and duty of care.

Under the terms of the settlement, $1 million to $2.8 million has been set aside in 'compensation' for customers -- which equates to $2 per customer which had a card involved in the breach -- and potentially more if every customer does not claim their due.

CNET: Lawmakers want to stop a future filled with smart devices and bad security

In addition, over $5 million will be set aside to boost Eddie Bauer's security, and $2 million will cover legal fees and administration costs. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0