April 29, 2019

Preliminary settlement in Eddie Bauer data breach class action

Eddie Bauer LLC, the Washington clothing and sportswear company, and Veridian Credit Union, a plaintiff financial institution and payment card issuer, have agreed to a $9.8 million settlement of class action litigation arising from a January 2016 breach of Eddie Bauer’s point of sales (POS) systems.  According to Veridian’s unopposed motion for preliminary approval of the class action settlement, hackers installed malware on Eddie Bauer’s POS computer systems that enabled them to obtain and sell payment card information of Eddie Bauer’s customers.  Veridian alleged that Eddie Bauer negligently failed to implement industry-standard security measures, such as the Payment Card Industry Data Security Standard (PCI DSS), thereby violating the Washington Consumer Protection Act and data breach notification law, Wash. Rev. Code (“RCW”) §19.255.020.  

If approved by the United States District Court for the Western District of Washington, the settlement would provide between $1 million to $2.8 million in payments to class members,  $2 million for settlement administration and attorneys’ fees, and $10,000 to the lead plaintiff. In addition, Eddie Bauer has committed approximately $5 million to be used for enhancing cybersecurity measures over the course of the next two years.

Motion for Preliminary Approval of Class Action Settlement