BELLEVUE, Wash. (Legal Newsline) - Eddie Bauer LLC plans to fight a class action lawsuit filed by a credit company that claims the negligence of the outdoor clothing chain led to a large data breach, leaving financial institutions scrambling to cancel customers' credit cards, handle numerous customer complaints and issue refunds for unauthorized purchases.
“Eddie Bauer intends to defend itself against the claims made in the class action lawsuit filed on March 7,” David Isaacs, an Eddie Bauer spokesman, told Legal Newsline.
On March 7, Veridian Credit Union filed a class action suit in the U.S. District Court for the Western District of Washington at Seattle against Eddie Bauer for a data breach that occurred between January and July 2016.
Veridian, as well as similar financial institutions, claim the chain was negligent for failing to secure its data networks and maintain data security measures. The suit also claims the chain failed to implement data protection and security best practices and comply with industry standards, and failed to upgrade security systems.
“Beyond that, the company will not comment further on ongoing litigation,” Isaacs said.
According to the suit, Veridian claims that due to Eddie Bauer’s failures to protect data, it along with other financial institutions have had to waste time refunding customers’ losses from unauthorized transactions, canceling and reissuing credit cards, responding to a large number of cardholder complaints and concerns, and engage in increased fraud monitoring.
Veridian also claims the long period of time -- at least six weeks -- that the chain let pass before informing customers made the situation even worse.
KrebsOnSecurity, an in-depth security news and investigation website, reported the data breach in early July 2016. Eddie Bauer did not officially confirm the breach until it released a statement Aug. 18, 2016, according to the suit.
Due to Eddie Bauer’s alleged negligence, a significant volume of customer information was stolen from the Eddie Bauer computer network, according to the suit.
Though the investigation continues, it appears that “hundreds of thousands or even millions of defendant’s customers at approximately 350 American and Canadian locations have had their credit and debit numbers compromised, have had their privacy rights violated, have been exposed to the risk of fraud and identity theft, and have otherwise suffered damages,” the suit states.
Despite the allegations, the retailer's CEO encouraged people to continue shopping at its stores, adding that it is confident the problem has been resolved and additional protections have been put in place.
“We have been working closely with the FBI, cyber security experts and payment card organizations, and want to assure our customers that we have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts," CEO Mike Egbeck said in a statement issued shortly after the intrusion was announced in August. "In addition, we’ve taken steps to strengthen the security of our point of sale systems to prevent this from happening in the future.”
A previous version of this story attributed Eddie Bauer CEO Mike Egbeck's comments to a statement issued after speaking with Legal Newsline. Egbeck's comments actually came in a statement released shortly after the intrusion was made public, but before any lawsuits were announced.