News

American Bank Systems slapped with class-action lawsuit for not timely disclosing ransomware data breach

This year, American Bank Systems (ABS) was hit with a ransomware attack as reported by Security Report, which the company failed to disclose to its customers in time.

As a part of this data breach, a full 53 GB dump of the data pertaining to ABS and its clients —which include multiple banking names and mortgage companies, such as First Federal Community Bank, Rio BankCitizens Bank of Swainsboro, First Bank & Trust, and so on, was leaked by the threat actors after several attempts to extort a ransom payment.

This data included the banking customers’ personally identifiable information (PII) such as loan records, SSNs, documents, emails, contracts, network shares, and passwords to sensitive drives.

A Law360 news report published yesterday states ABS has now been slapped with a class-action lawsuit due to its failure to protect their customers’ information, and for keeping them in the dark for weeks after the initial ransomware attack.

“As a result of ABS’s failure to implement and follow basic security procedures, plaintiff’s and class members’ PII is now in the hands of criminals,” read the complaint, filed Wednesday in a Pennsylvania federal court.

“Plaintiff and class members face a substantial increased risk of identity theft, both currently and for the indefinite future. Consequently, plaintiff and class members have had to spend, and will continue to spend, significant time and money in the future to protect themselves due to ABS’s failures.”

As far as the timeline is concerned, Security Report analyzed the timestamps on the leaked files and deduced the cyber attack had struck American Bank Systems sometime in or before early October.

It wasn’t until November 18th, however, nearly 4 days after our report, that the company began disclosing to its customers the details of the data breach. ABS had also not responded to our request for comment.

“According to NexTier Bank, it was not notified by ABS of the data breach until November 18, 2020, which was at least several weeks after the incident began, and more than two weeks after the data breach was first publicly reported,” the complaint further reads.

The class-action lawsuit is brought forward by plaintiff Mitchell Lautman, a citizen and resident of the Commonwealth of Pennsylvania, and a customer of NexTier whose PII was exposed as a result of this data breach.

By not sufficiently protecting sensitive data the lawsuit alleges ABS was in breach of Federal Trade Commission (FTC) rules and put customers at the risk of identity theft for years to come.

“ABS, a company that promotes its trustworthiness, has a responsibility to securely maintain the customer PII that it receives and keep it safe from harm. ABS was on notice that PII, specifically when it includes financial information, is a prime target for data breaches,” states the 26-page court filing.

While more details pertaining to this case are yet to come, this is a reminder to companies and financial institutions to prioritize data security, and to not delay in disclosing crucial matters to their customers, such as a data breach.

A copy of the complaint is provided below for reference:

Ax Sharma

Ax Sharma is a UK-based security researcher, journalist and TV subject matter expert experienced in malware analysis and cybercrime investigations. His areas of interest include open source software security and threat intel analysis. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

ParkMobile’s $32.8 Million Data Breach Settlement = You get $1?

In 2021, parking app ParkMobile suffered a massive data breach impacting 22 million users whose…

1 day ago

8 Brutal Truths About Cybersecurity I Wish I Knew

When I first got into cybersecurity, I thought it was all about hackers in hoodies…

3 days ago

US Air Force Probes Potential SharePoint-Linked Privacy Breach

The US Air Force is investigating a “privacy-related issue” that may have exposed personally identifiable…

4 days ago

Harrods third-party breach exposes 430,000 customer records, hackers reach out

London’s iconic department store Harrods has disclosed that approximately 430,000 customer records were compromised in…

6 days ago

WestJet confirms customer ID, passports stolen in June cyberattack

WestJet confirmed that in a June 2025 cybersecurity incident, a “sophisticated, criminal third party” gained…

6 days ago

Did You Also Get a ‘Real’ Phishing Email From GitHub.com?

Imagine getting an email straight from GitHub’s own notification system: the same one you've trusted…

1 week ago

This website uses cookies.