CUNA, league and credit union plaintiffs filed an amended complaint Wednesday in their lawsuit against Equifax. CUNA filed suit against Equifax in the wake of a data breach that exposed personal information on 145.5 million consumers and payment card data of more than 200,000 consumers.

“This lawsuit is CUNA’s 360-advocacy at work on behalf of credit unions that will bear substantial costs as a result of this breach,” said CUNA President/CEO Jim Nussle. “Our amended complaint contains significant details on what we believe is Equifax’s failure to adequately protect sensitive consumer information, which includes Social Security numbers, birthdays, addresses and driver’s license numbers, in addition to payment card information.”

The amended complaint also adds additional plaintiffs, with CUNA now joined in the lawsuit by nearly 60 leagues and credit unions.

The amended complaint provides significantly more detailed factual allegations demonstrating Equifax’s active failure to properly secure plaintiffs’ customers’ personally identifiable information, as well as payment card data.

It also provides additional details regarding the harm the credit unions have suffered and will continue to suffer due to the Equifax data breach.

The amended complaint provides additional details that demonstrate Equifax knew, but failed, to implement basic cybersecurity measures such as patch management to fix known vulnerabilities to the Apache Struts application as well as failed to maintain proper security certificates, which could have prevented the data breach. 

It also adds several statutory and common law claims on behalf of nationwide and state-wide classes of financial institutions.