Walmart Class Action Lawsuit Says Customers Subjected to Data Breach

A Walmart customer has filed a class action lawsuit, saying he and many others were injured by an undisclosed data breach.

The Walmart data breach class action lawsuit was filed by San Fransisco resident Lavarious Gardiner, who says his personal identification information ended up on the dark web after Walmart failed to sufficiently protect customer information. He argues that this negligence has exposed him and other customers to a range of possible negative effects.

In recent legal news, Gardiner explains that he gave his personal identification information to Walmart while creating a Walmart account on the company’s website. He goes on to say that vulnerabilities in Walmart’s website allowed hackers access to not only the Walmart site, but customers’ computers. The hackers allegedly proceeded to post stolen accounts for sale on the dark web.

The Walmart security breach class action lawsuit states that because of Walmart’s failure to implement security, more than 2 million accounts are for sale on the dark web.

Gardiner says he conducted his own research into how the hacks occurred, and how the data was being sold. The Walmart data breach class action lawsuit notes that to illustrate the vulnerabilities in Walmart’s security system that led to the data breach, Gardiner conducted a scan of the Walmart website, which revealed numerous vulnerabilities.

The type of scan he used was reportedly Open Web Application Security Project Zed Attack Proxy, which he says is used widely in cybersecurity communities to identify possible vulnerabilities.

The Walmart data breach class action lawsuit states that six major vulnerabilities were revealed, including the following:

• Private IP addressing being made available in public website code
• Many instances in which a “password autocomplete” function was enabled, which could allow malware to extract a password from a consumer’s browser
• Opportunities for cookies to be accessed by scripts or malware present on a consumer’s computer
• A lack of cross-site scripting protection, which could allow a hacker to input their own script into Walmart’s website. Allegedly, this could allow a hacker to access information a consumer intended to input into Walmart’s site
• Cross-domain JavaScript file inclusion, enabling another way in which a hacker could perform cross-site scripting
• Cookies sent without secure flags, enabling them to be accessed through unencrypted connections

Gardiner says he conducted another scan of the website using Nessus, a tool used by government agencies to scan websites. He states this scan revealed additional vulnerabilities.

One key weakness revealed by the Nessus scan was Walmart’s site had an outdated security protocol still implemented. Allegedly, this outdated protocol was the source of a known weakness and had been replaced 12 years ago. Nonetheless, it was still in operation on Walmart’s site, says Gardiner.

Gardiner seeks to represent not only himself, but a proposed Class of all people in the state of California who had a Walmart account at any point in the four years before the lawsuit was filed.

He says he and others were exposed to significant injury because of Walmart’s failures.

The Walmart data breach class action lawsuit lays out the kinds of injuries that consumers may have to contend with, if their information is exposed in a data breach.

Their information may be sold to retailers who send a consumer unwanted messages, or it may be sold as spam, which can expose consumers to phishing and potential malware. A customer’s privacy can allegedly be violated, or their information harvested. Their identity can be stolen, causing financial injury, a tank in their credit score or other damage.

Additionally, the exposure of information may compromise a victims’ employment, because it could forward sensitive company information to unknown third parties, amidst other possible damages, states Gardiner.

The Walmart security failures class action lawsuit notes that many other major companies have experienced data breaches recently and faced criticism for their failures to sufficiently protect consumer data.

Gardiner states Walmart should have learned from these other companies’ experiences and taken steps to protect customers’ data before a security breach occurred. As a result, he aims to hold Walmart liable for his own injury and the injury of other consumers.

Have you had your information compromised in a data breach? Share your experiences in the comments section below.

Gardiner is represented by Thiago M. Coelho, Justin F. Marquez and Robert J. Dart of Wilshire Law Firm.

The Walmart Data Breach Class Action Lawsuit is Lavarious Gardiner v. Walmart Inc., et al., Case No. 4:20-cv-04618-DMR, in the U.S. District Court for the Northern District of California.

Read About More Class Action Lawsuits & Class Action Settlements:

How to Avoid an NSF Fee Charge

Server Fired For COVID-19 Test, Class Action Lawsuit Says

FDA Discusses Better Testing Methods for Finding Asbestos in Baby Powder

Bank of America Call Recording Lawsuit Reaches $1.9M Settlement