W&L today announced it is investigating claims from customers of Pioneer Bank who suffered — or fear they soon will suffer — economic harm from a data breach made possible by the Jan. 26 theft of one of the Troy, New York-based financial institution’s laptop computers.
The laptop contained highly sensitive information about an undisclosed number of depositors and other account holders.
The potential for economic harm to Pioneer Bank customers is great in part because the institution waited nearly a month before publicly disclosing the theft and possible data breach.
The firm said Pioneer claims it has notified some customers of the data breach, but it is not clear whether Pioneer has notified all customers whose data may have been compromised.
“Pioneer kept its customers in the dark for weeks, and therefore none of them was able to take necessary steps to protect themselves in a timely manner,” said James Bilsborrow, an attorney with W&L’s Environmental, Toxic Tort & Consumer Protection Unit.
W&L said that under New York state law, Pioneer had a duty to promptly report a data breach like this to its customers.
However, the Albany, New York, Times Union newspaper observed that Pioneer Bank failed to come forward even to police with word of the theft until Feb. 23 — nearly one month after its customers’ security was compromised.
The Times Union also observed that the New York state Division of Consumer Protection requires public disclosure of a data breach without unreasonable delay.
Pioneer Bank Data Breach Facts Appear Incomplete
Apart from divulging that its laptop was stolen, Pioneer Bank has said little about the data breach itself.
For example, according to the Times Union, Pioneer Bank refused to say how much information was rendered vulnerable by the theft.
Pioneer Bank stated only that the laptop contained “some” customer information, the Times Union reported.
However, the Albany Business Review learned that the stolen laptop contained customer names, Social Security numbers, account information and debit card numbers.
Robin L. Greenwald, who heads W&L’s Environmental, Toxic Tort & Consumer Protection Unit, said that Pioneer Bank has not been forthcoming with details of the data breach and, as a result, it is unclear who among its customers — and non-customers — are affected.
“We can know only that there is an unacceptable risk that innocent people and businesses will experience economic loss by becoming victims of identity theft and other forms of fraud spun from the Pioneer Bank data breach,” said Greenwald.
Those other forms of fraud may include faked tax filings, falsified filings for unemployment benefits, and medical identity theft, she explained.
“These frauds can cause financial injuries, but also much more,” Greenwald cautioned.
W&L Talking To Data Breach Victims
Bilsborrow advised Pioneer Bank data breach victims to act quickly to protect themselves. He recommended, among other things, continuously monitoring their credit records for signs of suspicious activity.
“Unfortunately, keeping watch for identity thieves requires the use of services that cost money,” he said. “Pioneer Bank’s customers, who have done nothing wrong, should not be required to foot the bill.”
For that and other reasons, Bilsborrow is convinced that legal intervention against Pioneer Bank is necessary.
He said W&L can be contacted by any current Pioneer Bank customer for a no-cost, no-obligation discussion of their legal rights to compensation from Pioneer Bank.
Pioneer Bank data breach victims can reach the law firm toll-free at 844-400-HELP or fill out an online form on our website, Bilsborrow said.
The Times Union listed Pioneer Bank as the eighth-largest financial institution in the Albany area. The Albany Business Review said Pioneer Bank has 17 branches and $687 million in deposits.