Chime Financial’s app went dark for hours on April 1, leaving customers unable to log in, check balances or send money. In the weeks that followed, three proposed class actions accused the banking app operator of failing to protect user data and of downplaying what happened.
The first suit was filed two days after the outage by Strauss Borrelli, and two more firms followed within two weeks in the U.S. District Court for the Northern District of California. The complaints say the disruption was the result of a breach by the pro-Iranian hacker group Team 313 and that Social Security numbers, dates of birth, government-issued IDs and other personal information were taken from customers.
Chime told users on its status page during the incident that the money in their accounts and their personal information were secure. It also said the threat actor did not steal any data. Those public statements are at the center of the lawsuits, which target the alleged breach but have not produced evidence in court beyond what was already public when the cases were filed.
The outage began shortly before 1 p.m. Eastern time, when DownDetector’s Chime page spiked to 6,647 problem reports against a baseline of four. Team 313 later posted on its leak site that it had launched a massive cyberattack targeting Chime’s servers, saying the attack crashed internal servers and disabled the app and website for an hour.
One of the plaintiffs, Cindy Castaneda, sued with Lauren Goodloe. They said they could not see their account balances during the outage, and Goodloe said she feared missing a rent payment. Michael Walsh said he got a bank alert about an attempted unauthorized credit card charge and later a notice that his information had appeared on the dark web. Melissa Porter described no specific loss beyond fear, anxiety and the time she spent watching her accounts.
The complaints lean on public reporting, a Team 313 post and a March 2026 threat advisory from cybersecurity firm Hawkeye rather than on evidence revealed in the court filings themselves. As of May 4, Chime had not filed a notice of a material cybersecurity incident with the SEC, even though public companies are required under a 2023 rule to file a current report within four business days of deciding an incident is material. That gap may end up mattering as much as the outage itself.