Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Bombas faces a new class action lawsuit after a data breach exposed customer data; including names, addresses and credit card information.
Plaintiff Alex Pygin claims his personal information was among the exposed data. He is seeking damages on behalf of himself as well as proposed nationwide and California Class Members.
Bombas sells socks through its website and uses a third-party ecommerce platform supplied by Shopify to collect customers’ personal and payment information, the Bombas class action lawsuit says.
On June 3, 2020, Bombas notified customers about a data breach that occurred between Nov. 11, 2016, and Feb. 16, 2017, the complaint states.
According to Bombas, hackers “scraped” customers’ names, addresses and credit card information that “likely included payment card numbers, CVV security codes, and payment card expiration dates.”
Essentially, the hackers were able to access everything they needed to make fraudulent purchases using Bombas customers’ information and to steal their identities, the lawsuit states.
Pygin’s class action lawsuit says the data was compromised because Bombas and Shopify were negligent in failing to protect their customers’ data, not only in preventing the breach, but in failing to detect and report the breach for nearly four years.
The Bombas class action lawsuit also alleges that the defendants have violated California’s Unfair Competition Law by establishing substandard security practices and procedures, by soliciting and collecting personal identifying information with the knowledge it would not be adequately protected; by storing that information in an unsecure electronic environment in violation of California’s data breach statute; and by failing to disclose the data breach to potential Class Members in a timely and accurate manner.
As of the date the class action was filed, Shopify still had not provided such information to the plaintiff and other Class Members, the lawsuit states.
In addition, the plaintiff maintains the defendants knew or should have known their computer systems and data security practices were inadequate to safeguard customers’ personal information, and that the risk of a breach was likely.
Pygin says the defendants’ unlawful practices “were negligent, knowing and willful, and/or wanton and reckless with respect to the rights of members of the Nationwide and California Classes.”
The Bombas class action lawsuit says although the company claims to have “taken and is taking steps to protect the security of its customers’ information including investments in the people, processes, and technologies that drive its comprehensive information security program,” little detail is available regarding what those steps are.
As such, Pygin is asking for the Court to take the following action:
- Order that Bombas and Shopify use third-party security auditors/penetration testers and internal security personnel to periodically conduct testing, including simulated attacks, and to promptly correct any problems detected;
- Order the defendants to use third-party security auditors and internal personnel to run automated security monitoring;
- Order the defendants to audit, test and train its security personnel regarding new or modified procedures;
- Order that the defendants’ user applications be segmented, including by creating firewalls and access controls so if one area is compromised, hackers cannot gain access to other areas;
- Order Bombas and Shopify to conduct regular database scanning and securing checks;
- Order the defendants to routinely and continually conduct internal training and education for internal security personnel on how to identify, contain and respond to a breach;
- Order the defendants to purchase credit monitoring services for the plaintiff and Class for 10 ten years;
- Order the defendants to educate their users about the threats they face as a result of the loss of their information to third parties and the steps the customers must take to protect themselves.
Pygin demands a jury trial and is seeking an order enjoining the defendants from engaging in the conduct concerning the inadequate protection of Class Members’ personal information; an order instructing the defendants to provide Class Members with funds for credit monitoring; compensatory, statutory, nominal and punitive damages; restitution and disgorgement of the money wrongly retained as a result of the defendants’ wrongful conduct; attorneys’ fees and other litigation expenses; and any other relief the Court deems appropriate.
Do you believe your personal information may have been exposed by the Bombas data breach? Let us know in the comments section below.
Pygin is represented by M. Anderson Berry and Leslie Guillon of Clayeo C. Arnold, A Professional Law Corp., and John A. Yanchunis of Morgan & Morgan Complex Litigation Group.
The Bombas Data Breach Class Action Lawsuit is Alex Pygin, et al. v. Bombas LLC, et al., Case No. 3:20-cv-04412, in the U.S. District Court for the Northern District of California, San Francisco Division.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
15 thoughts onBombas Socks Class Action Lawsuit Alleges Data Breach
Please add me to this socks class action
Please add me. I purchased many pairs
Please add me.
Please add me i brought 6 pair of them that exceeded over $75.00
Please add me