UnityPoint's second data breach this year could prompt expanded lawsuit