North Carolina Energy Provider Resolves Data Breach Lawsuit

May 30, 2025

Duke Energy has recently resolved a lawsuit arising from a data breach that occurred last year, putting an end to a class-action suit that exposed personal data to cybercriminals, as indicated by court records submitted in the U.S. District Court. The breach, which occurred in May 2024, affected several Charlotte-based company customers, as reported earlier this year. The legal action, initiated by lead plaintiff Matthew Saunders from St. Petersburg, Florida, was formally lodged in December.

Details regarding the settlement were not disclosed in the most recent court filings. The complaint outlined that there were over 100 class members with a cumulative value of claims exceeding $5 million. Subsequent to both parties conveying to the federal court in March that an agreement had been reached, the settlement was finalized earlier this week. Duke Energy also resolved six additional cases stemming from the data security breach, as confirmed by court documents. Saunders agreed to withdraw all claims brought against Duke Energy, as stated in a joint filing submitted by both parties.

The breach led to the exposure of sensitive information such as names, account numbers, emails, Tax IDs, and Social Security numbers, as outlined in court records. This data was utilized by cybercriminals who then sold the information to identity thieves. Duke Energy dismissed the claims as unsubstantiated and expressed contentment with the resolution and dismissal of the cases. According to Valerie Patterson, a spokeswoman for the company, in a statement to The Observer, “As we communicated to the customers who were potentially impacted by this incident, our thorough investigation revealed that no customer’s personally identifiable information, as defined by state law, was exposed.”

Furthermore, Duke Energy emphasized its commitment to safeguarding customers’ data and assured the provision of complimentary credit monitoring and identity theft protection services to eligible individuals. The organization maintains a security-conscious approach to data protection and acknowledges the importance of upholding robust measures to shield customer data from potential cyber threats.