Macy’s Class Action Says Store Should Have Prevented Data Breach

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Customers are trying to hold Macy’s accountable for the company’s recent data breach in a class action lawsuit, claiming that Macy’s security measures to prevent the breach were insufficient, and that the company didn’t respond sufficiently to the breach.

Plaintiff Anna Carroll says she has an account with Macys.com that she used to make multiple online purchases, including purchases between April 26 and June 6, 2018.

She claims that on June 7, 2018, Macy’s notified her that her information was compromised in a data breach and that most likely, third party hackers had gained access to the personal information associated with her Macys.com account.

The Macy’s data breach class action lawsuit states that Carroll accesses her account with a username and password, and that the account is associated with a range of personal information including name, email address, phone number, birthday, and credit card number with an expiration date.

The plaintiff claims that this information was exposed to hackers in the Macy’s data breach.

The Macy’s data breach class action lawsuit says that Macy’s boasts about its commitment to information security to protect its customers’ personal information.

The Macy’s PPI breach class action lawsuit cites a statement on Macy’s website that reads “as a company, Macy’s takes the security of your account information very seriously. Therefore we take measures to protect the security of our customer’s account information.”

Carroll alleges that despite Macy’s advertised commitment to securing personal information, they had implemented insufficient security measures to protect consumer data, leaving it vulnerable to hacking and theft.

The Macy’s class action lawsuit claims that as a major company, Macy’s should be aware of and implemented the best security measures available.

The plaintiff further alleges that Macy’s was or should have been aware that consumers’ personal identifying information is very vulnerable to theft, and is in high demand.

She notes that numerous companies have experienced data breaches, and have faced litigation as a result. Carroll claims that Macy’s should have learned from other companies’ mistakes and done a better job of protecting its consumer’s information.

According to the Macy’s data theft class action lawsuit, consumer PII (personal identification information) is in high demand among hackers because it is versatile and useful in identify theft, especially in the case of information with common elements, like the information of Macy’s customers.

Allegedly, Macy’s knew or should have known that the information was at high risk of theft.

The Macy’s hacking class action lawsuit goes on to claim that Macy’s did not respond sufficiently to the data breach after it occurred.

Macy’s security system reportedly detected signs of a cyberattack by an external party on June 11, 2018. The Macy’s class action points out that this means the hackers had access to Macy’s customers’ information for more than two weeks – between April 26 and June 12, 2018.

The Macy’s customer data class action lawsuit then claims that the company waited almost a month before notifying consumers of the attack.

Allegedly, this diminished affected consumers’ capability to respond effectively to the loss of their personal information and minimize the damage of the data breach.

Carroll claims that she and thousands of other customers were financially injured by the data breach through potential fraudulent purchases made with their payment information, the diminished credit that can occur from identity theft, and emotionally injured by the stress of the data breach, and by the time they had to spend repairing the damage done by having their personal information compromised.

Carroll is represented by Oscar M. Price IV of Price Armstrong LLC.

The Macy’s Data Breach Class Action Lawsuit is Anna Carroll v. Macy’s Inc., et al., Case 2:18-cv-01060-RDP, in the U.S. District Court for the Northern District of Alabama.

UPDATE: October 2019, the Macy’s data breach class action settlement is now open. Click here to file a claim.