American multinational retail corporation Walmart is the latest company hit with a lawsuit under the California Consumer Privacy Act (CCPA) after a supposed data breach. The class-action lawsuit filed on July 10, 2020, alleges Walmart being hacked and personal data being sold on the dark web.
The retail giant comes under hot water after a San Francisco resident, Lavarious Gardiner, filed a class-action lawsuit against Walmart with the United States Northern District of California.
According to Compliance Week, Gardiner accused the company of being hacked and their personal information being sold on the dark web.
In a statement, Gardiner said he had turned to buy a “credit and personal identity monitoring service to alert him to potential misappropriation of his identity and to combat the risk of further identity theft.”
Among the data supposedly mined and sold by the firm are their credit card information, customer names, addresses, and other financial data reveal InfoSecurity Magazine.
Par of the class action lawsuit alleges that “Many customers of Walmart have had their PII compromised, have had their privacy rights violated, have been exposed to the risk of fraud and identity theft and have otherwise suffered damages.”
The suit likewise maintains that the retail giant failed to warn its consumers against the website’s “multiple severe vulnerabilities through which the data was obtained.” InfoSecurity Magazine also states that Walmart did not notify its customers regarding the breach.
As of writing, the extent of the breach is still unknown. However, the filing claims that at least thousands were affected by the incident.
Bloomberg states that plaintiffs are required to show proof that they have suffered harm in order to beat early challenges to their respective claims. In response, Gardiner reveals that he has shouldered out-of-pocket expenses, such as the hiring of credit and personal monitoring service.
Should the California Consumer Privacy Act deem it fit to award the complainants, Walmart will be obligated to pay a maximum of $750 per individual. Also included in the potential relief package are enhanced security measures, as well as coverage for lawyers’ fees and other related court costs.
In an email, a Walmart spokesperson said, “Protecting our customers’ data is a top priority and something we take very seriously. We dispute the plaintiff’s allegations that the failure of our systems played any role in the public disclosure of his personally identifiable information (PII).”
Walmart continued to say that they “intend to defend the company against the claims and will respond as appropriate with the court.”
The California privacy law took effect on January 1, 2020. It has a provision that allows a look-back to January 1, 2019. Compliance Week states that it is the only state which allows consumers to file lawsuits against such large firms.
Apart from Walmart, other companies hit with CCPA suits are Clearview AI, Minted, and Salesforce.