A Missouri woman has filed a proposed class action against Bank of America, JPMorgan Chase, and London-based Finastra Technology Inc., accusing them of failing to safeguard sensitive personal data stolen in a cyberattack and later spotted on the dark web.
Filed Tuesday in federal court in Orlando, Florida, the complaint from plaintiff T.H., identified only by her initials, paints a damning picture of corporate negligence. T.H., a customer of both BofA and Chase, says her personal information was snatched from Finastra’s file transfer system, then exploited in fraudulent transactions tied to her bank accounts.
Breach Discovered Months After Attack
According to the lawsuit, Finastra uncovered the breach in early November, roughly a week after hackers gained unauthorized access to its secure file transfer platform used for customer and technical support. Yet, T.H. claims she didn’t receive notice until June 30 — nearly nine months later.
The compromised files contained a trove of unencrypted customer data: names, Social Security numbers, dates of birth, and bank account numbers. The complaint argues that by failing to secure such information or notify victims promptly, Finastra and its banking partners exposed customers to identity theft and financial harm.
