Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
A Walmart customer has filed a class action lawsuit, saying he and many others were injured by an undisclosed data breach.
The Walmart data breach class action lawsuit was filed by San Fransisco resident Lavarious Gardiner, who says his personal identification information ended up on the dark web after Walmart failed to sufficiently protect customer information. He argues that this negligence has exposed him and other customers to a range of possible negative effects.
In recent legal news, Gardiner explains that he gave his personal identification information to Walmart while creating a Walmart account on the company’s website. He goes on to say that vulnerabilities in Walmart’s website allowed hackers access to not only the Walmart site, but customers’ computers. The hackers allegedly proceeded to post stolen accounts for sale on the dark web.
The Walmart security breach class action lawsuit states that because of Walmart’s failure to implement security, more than 2 million accounts are for sale on the dark web.
Gardiner says he conducted his own research into how the hacks occurred, and how the data was being sold. The Walmart data breach class action lawsuit notes that to illustrate the vulnerabilities in Walmart’s security system that led to the data breach, Gardiner conducted a scan of the Walmart website, which revealed numerous vulnerabilities.
The type of scan he used was reportedly Open Web Application Security Project Zed Attack Proxy, which he says is used widely in cybersecurity communities to identify possible vulnerabilities.
The Walmart data breach class action lawsuit states that six major vulnerabilities were revealed, including the following:
- Private IP addressing being made available in public website code
- Many instances in which a “password autocomplete” function was enabled, which could allow malware to extract a password from a consumer’s browser
- Opportunities for cookies to be accessed by scripts or malware present on a consumer’s computer
- A lack of cross-site scripting protection, which could allow a hacker to input their own script into Walmart’s website. Allegedly, this could allow a hacker to access information a consumer intended to input into Walmart’s site
- Cross-domain JavaScript file inclusion, enabling another way in which a hacker could perform cross-site scripting
- Cookies sent without secure flags, enabling them to be accessed through unencrypted connections
Gardiner says he conducted another scan of the website using Nessus, a tool used by government agencies to scan websites. He states this scan revealed additional vulnerabilities.
One key weakness revealed by the Nessus scan was Walmart’s site had an outdated security protocol still implemented. Allegedly, this outdated protocol was the source of a known weakness and had been replaced 12 years ago. Nonetheless, it was still in operation on Walmart’s site, says Gardiner.
Gardiner seeks to represent not only himself, but a proposed Class of all people in the state of California who had a Walmart account at any point in the four years before the lawsuit was filed.
He says he and others were exposed to significant injury because of Walmart’s failures.
The Walmart data breach class action lawsuit lays out the kinds of injuries that consumers may have to contend with, if their information is exposed in a data breach.
Their information may be sold to retailers who send a consumer unwanted messages, or it may be sold as spam, which can expose consumers to phishing and potential malware. A customer’s privacy can allegedly be violated, or their information harvested. Their identity can be stolen, causing financial injury, a tank in their credit score or other damage.
Additionally, the exposure of information may compromise a victims’ employment, because it could forward sensitive company information to unknown third parties, amidst other possible damages, states Gardiner.
The Walmart security failures class action lawsuit notes that many other major companies have experienced data breaches recently and faced criticism for their failures to sufficiently protect consumer data.
Gardiner states Walmart should have learned from these other companies’ experiences and taken steps to protect customers’ data before a security breach occurred. As a result, he aims to hold Walmart liable for his own injury and the injury of other consumers.
Have you had your information compromised in a data breach? Share your experiences in the comments section below.
Gardiner is represented by Thiago M. Coelho, Justin F. Marquez and Robert J. Dart of Wilshire Law Firm.
The Walmart Data Breach Class Action Lawsuit is Lavarious Gardiner v. Walmart Inc., et al., Case No. 4:20-cv-04618-DMR, in the U.S. District Court for the Northern District of California.
Read About More Class Action Lawsuits & Class Action Settlements:
How to Avoid an NSF Fee Charge
Server Fired For COVID-19 Test, Class Action Lawsuit Says
FDA Discusses Better Testing Methods for Finding Asbestos in Baby Powder
Bank of America Call Recording Lawsuit Reaches $1.9M Settlement
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
899 thoughts onWalmart Class Action Lawsuit Says Customers Subjected to Data Breach
My Walmart account was hacked on 2/28/22. Walmart sent me an email about suspicious activity and said it canceled the order. I immediately went into my account and removed my payment info and saw there were 6 orders, each for 4 Covid tests going to 6 different states. The shipping name was mine, but the buyer names were on there. I went into the assessors databases for each shipping address and the different buyers last names matched for owning the home the items were shipping to. I called my bank to cancel my card. I thought everything was sorted out because the orders all showed canceled. The next day $510 worth of covid tests were charged to my account and the items were already being shipped. Walmart was friggin useless!!!! Told me nothing they could do and to call my bank. I’m done with Walmart, they are horrible to deal with.
I just dealt with the same problem yesterday . Now I’m out of 600 bucks. Walmart has no protection protocol and it’s not difficult to do. Too many charges @ one time should require a text message for approval or something. My bank can only file a fraud claim and I gotta wait cause i can’t stop the money from going out. Walmart was advised within an hour or less of the charges. All they do is send an email which Im sure that company is fraud. Walmart was absolutely NO HELP!
My card was compromised 02/06/22 through walmart.com which really screwed me. Now have some important bills unpaid because I’m still waiting for money to be processed from my dispute. I really hate theives
My debit card was compromised January 22, 2022 through Walmart.com. I had to cancel my card, change passwords and notify Walmart of the items ordered were not mine, however 2 items were already en route to be delivered. Also had to notify my back. The items have to clear the bank before I can dispute!
Had this happened to me I had to go and change my debit card through my bank which messed up all my accounts cuz I had to change all of them to a new debit card it was awful someone ordered over $200 on my Walmart account
same thing happened to me just now had a order placed on my walmart app from accross the us . canceled the order and my card walmart should do a better job now i have to wait 7 days for a new card to come in.. just wow
I woke up this morning to 450 spam emails from american, russian and chinese sources. Also my Mastercard and Debit card were charged to walmart for $805, $116 and $350. The products ranged from groceries to appliances and the shipping address was to Quebec. I was able to cancel the charges and cancel my cards. However I have had to start a new email because the fraudulent emails would not stop. I am very concerned for my cyber security now.
same thing happened to me just now had a order placed on my walmart app from accross the us . canceled the order and my card
Same thing happen to me at Walmart in Lovejoy
My walmart account was hacked in November 2021. The hacker used two gift cards I had stored in my account totalling close to 200 dollars for purchases in a Georgia store. I live in florida and have not traveled since the pandemic started. They also signed me up for walmart plus charging my credit card. When I contacted walmart they said I had to provide them with receipts for the cards. One of the cards I have had since 2019. I don’t have the receipts anymore. Their receipts fade. I tried getting the receipts from them but they tell me they are unavailable. One card still had 6 dollars on it but I cannot use it, because walmart locked it. And without receipt they won’t unlock it. I have both physical cards but they just run me around in circles. I asked how someone could use my credit card that was on file without the 3 digit security code and they had no answer. My credit card was not used anywhere else. I removed all saved cards from my account, but since then I shopped in a walmart and used my credit card and then the sale popped up in my recent purchases. If I removed my cards, how are they tracking my credit card?
I had over 300$ in gift cards stored on my Walmart account for later use. I finally decide to use them after quite a while only to find out that they were drained at a store in another county 3-4 hours away from me that I’ve never been to or heard of. They did four separate transactions until they drained the gift cards. I’m fighting with Walmart to clear it up now. They keep telling me to contact my financial institution. Well, it’s a Walmart gift card that was drained, not my Debit card!! They just kick the cab down the road and don’t care.
I just found that someone accessed my walmart.com account and ordered a skin care product and 6 XBOX games in November. The skin care product was shipped to an address in New Mexico, and the game codes were emailed to my email address. The total purchase was over $600, but the credit used on this purchase wasn’t mine. There was another pickup purchase placed earlier but got cancelled by Walmart due to unusual account activity.
Someone hacked into my Walmart.com account three days ago and placed an order of a few cheap groceries for pickup in Katy, TX, and then $80 of baby formula being shipped to a home in TX. Walmart flagged it as suspicious and cancelled it.
I was pretty unhappy about it because I had a unique and strong password for the account (a jumble of letters, numbers, and symbols). I changed the password to a new strong one, and today had two more fraudulent orders placed!! This time to Anaheim, CA. Same deal of a few cheap groceries for pickup and then shipping the expensive things that they can resell (in this case 8 bottles of dandruff shampoo).
I called Walmart’s customer service and they insisted that there’s been no breach of data from their end. They said I should either close the account or remove my credit card for a week “and they’ll move on from you”.
Seriously WTF.
I just had the same thing done to me this morning. Someone ordered a cellphone worth $154.99 to be sent to Juan Zabala at 320 Mason Creek Dr. Ste 170 in Katy TX 77450 using a gift card I had on file. Luckily I was able to cancel the order but now I fear my data has been breached. This is total BS the lawsuit in CA was dismissed this year.