Citizens Bank was hit with two federal lawsuits in U.S. District Court on Wednesday, April 22, 2026, following allegations of a significant data breach. The legal action comes after the Everest ransomware group claimed responsibility for infiltrating the bank’s systems earlier this week.
Rhode Island attorney Jules D’Allesandro filed the 34-page complaint alongside national counsel, alleging that the bank failed to adequately safeguard sensitive customer information. The plaintiffs claim that the Everest group exfiltrated data belonging to potentially millions of current and former customers on April 20, 2026.
According to the lawsuit, the compromised data likely includes names, addresses, Social Security Numbers, dates of birth, and financial account details. The legal filing accuses the financial institution of negligence, breach of fiduciary duty, and recklessness regarding its cybersecurity protocols.
Citizens Bank acknowledged the breach in an online statement released on Tuesday, April 21, though the bank disputed the severity of the incident. The institution maintained that the majority of the impacted material was masked test data rather than active customer files.
“For Citizens, most of this was masked test data, although a limited set of information for a small number of customers was involved,” said the bank in the statement. “There is no evidence of unauthorized access to the Citizens network, and our operations continue as normal.”
The plaintiffs argue that the bank owed a duty of care to ensure its networks and information technology partners met industry security standards. They are seeking damages for loss of privacy, the diminished value of personal information, and the ongoing risk of identity theft.
While the bank has addressed the breach publicly, representatives declined to comment specifically on the pending litigation. The lawsuits also cite breach of implied contract and unjust enrichment as grounds for legal relief.
The Everest ransomware group publicly announced its successful infiltration on April 20, leading to immediate scrutiny of the bank’s data protection measures. Impacted customers are reportedly facing out-of-pocket losses and mitigation expenses as a result of the exposure.
Click Here For The Original Source.
