A class action settlement has been proposed in a California District Court to settle allegations relating to a data breach involving a fashion and beauty subscription service company.
The Defendant notified customers and the state Attorney General about a widespread data breach, which occurred from April 26, 2020 to May 14, 2020 and from May 22, 2020 to August 3, 2020. During that time, hackers infected the website with malicious code and used it to scrape the personally identifiable information of many of the Defendant’s customers. The information they were able to steal included:
- Full names
- Email addresses
- Account passwords
- Shipping and billing addresses
- Payment card account numbers
- Card expiration dates
- Card verification codes
The hackers had everything they needed to use the customers’ information to make fraudulent purchases and steal customers’ identities.
The Plaintiff argued that the breach was allowed to occur through the Defendant’s negligent and/or careless acts and omissions. They also argued that not only did the Defendant fail to prevent the data breach, but they also failed to detect and report the breach for several months.
The Defendant argued that when they became aware of the breach, they immediately removed the malicious code and took steps to secure their website with the help of forensic cyber security experts.
The outcome means that the Defendant has to agree to:
- Pay a $625,000 settlement
- Offer multi-factor authentication for all its customers
- Complete a Payment Card Industry (PCI) Self-Assessment Questionnaire
- Hire additional security and technical personnel, including a Director of Cyber Security
- Employ a third-party cyber security forensic expert to risk assess all of its data assets and its environment
- Take any other important steps to protect their website
Value Privacy can detect any malicious code or cyber-security threats and help you to take immediate action. With our partner, Black Kite, we can tell you exactly where the problem has occurred and how to fix it. It’s so important to ensure that data is kept safe, but without our services you may not be aware of any threats until it’s too late. Contact us for a free, confidential assessment about how we can help your company.