Three proposed class-action suits allege Iran-linked hacktivist group Team 313 breached Chime’s systems and stole customer data on April 1, the same day Chime acknowledged a service disruption.
Four customers across the three suits contend Team 313, also known as The Islamic Cyber Resistance in Iraq, extracted personally identifiable information: Social Security numbers, postal and email addresses, phone numbers, and account credentials. Team 313 allegedly claimed responsibility online for crashing Chime’s servers and disabling both its app and website.
Chime contests the allegations. A spokesperson said the company “quickly resolved a brief disruption affecting only our marketing website, Chime.com, with no impact to member information,” and that “no funds or member data were compromised.”
Plaintiff Melissa Porter, in a suit filed April 7, alleges the breach resulted from Chime’s failure to implement adequate cybersecurity protocols, citing missing multifactor authentication and unencrypted data. Michael Walsh, whose suit was filed April 17 in Los Angeles, warns that victims face “an imminent and ongoing risk of harm, including identity theft and fraud.”
A third suit, filed April 3 by Cindy Castaneda of Madera, California, and Lauren Goodloe of Chicago, claims the April 1 outage caused anxiety, poor sleep, and a late rent payment because plaintiffs couldn’t access their account balances.
None of the three suits cite specific instances of plaintiffs’ PII being misused. They’re built on Team 313’s claimed responsibility and the foreseeable harm from such breaches. Chime has already called all three complaints without merit.
James Okafor