Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
A Walmart customer has filed a class action lawsuit, saying he and many others were injured by an undisclosed data breach.
The Walmart data breach class action lawsuit was filed by San Fransisco resident Lavarious Gardiner, who says his personal identification information ended up on the dark web after Walmart failed to sufficiently protect customer information. He argues that this negligence has exposed him and other customers to a range of possible negative effects.
In recent legal news, Gardiner explains that he gave his personal identification information to Walmart while creating a Walmart account on the company’s website. He goes on to say that vulnerabilities in Walmart’s website allowed hackers access to not only the Walmart site, but customers’ computers. The hackers allegedly proceeded to post stolen accounts for sale on the dark web.
The Walmart security breach class action lawsuit states that because of Walmart’s failure to implement security, more than 2 million accounts are for sale on the dark web.
Gardiner says he conducted his own research into how the hacks occurred, and how the data was being sold. The Walmart data breach class action lawsuit notes that to illustrate the vulnerabilities in Walmart’s security system that led to the data breach, Gardiner conducted a scan of the Walmart website, which revealed numerous vulnerabilities.
The type of scan he used was reportedly Open Web Application Security Project Zed Attack Proxy, which he says is used widely in cybersecurity communities to identify possible vulnerabilities.
The Walmart data breach class action lawsuit states that six major vulnerabilities were revealed, including the following:
- Private IP addressing being made available in public website code
- Many instances in which a “password autocomplete” function was enabled, which could allow malware to extract a password from a consumer’s browser
- Opportunities for cookies to be accessed by scripts or malware present on a consumer’s computer
- A lack of cross-site scripting protection, which could allow a hacker to input their own script into Walmart’s website. Allegedly, this could allow a hacker to access information a consumer intended to input into Walmart’s site
- Cross-domain JavaScript file inclusion, enabling another way in which a hacker could perform cross-site scripting
- Cookies sent without secure flags, enabling them to be accessed through unencrypted connections
Gardiner says he conducted another scan of the website using Nessus, a tool used by government agencies to scan websites. He states this scan revealed additional vulnerabilities.
One key weakness revealed by the Nessus scan was Walmart’s site had an outdated security protocol still implemented. Allegedly, this outdated protocol was the source of a known weakness and had been replaced 12 years ago. Nonetheless, it was still in operation on Walmart’s site, says Gardiner.
Gardiner seeks to represent not only himself, but a proposed Class of all people in the state of California who had a Walmart account at any point in the four years before the lawsuit was filed.
He says he and others were exposed to significant injury because of Walmart’s failures.
The Walmart data breach class action lawsuit lays out the kinds of injuries that consumers may have to contend with, if their information is exposed in a data breach.
Their information may be sold to retailers who send a consumer unwanted messages, or it may be sold as spam, which can expose consumers to phishing and potential malware. A customer’s privacy can allegedly be violated, or their information harvested. Their identity can be stolen, causing financial injury, a tank in their credit score or other damage.
Additionally, the exposure of information may compromise a victims’ employment, because it could forward sensitive company information to unknown third parties, amidst other possible damages, states Gardiner.
The Walmart security failures class action lawsuit notes that many other major companies have experienced data breaches recently and faced criticism for their failures to sufficiently protect consumer data.
Gardiner states Walmart should have learned from these other companies’ experiences and taken steps to protect customers’ data before a security breach occurred. As a result, he aims to hold Walmart liable for his own injury and the injury of other consumers.
Have you had your information compromised in a data breach? Share your experiences in the comments section below.
Gardiner is represented by Thiago M. Coelho, Justin F. Marquez and Robert J. Dart of Wilshire Law Firm.
The Walmart Data Breach Class Action Lawsuit is Lavarious Gardiner v. Walmart Inc., et al., Case No. 4:20-cv-04618-DMR, in the U.S. District Court for the Northern District of California.
Read About More Class Action Lawsuits & Class Action Settlements:
How to Avoid an NSF Fee Charge
Server Fired For COVID-19 Test, Class Action Lawsuit Says
FDA Discusses Better Testing Methods for Finding Asbestos in Baby Powder
Bank of America Call Recording Lawsuit Reaches $1.9M Settlement
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
899 thoughts onWalmart Class Action Lawsuit Says Customers Subjected to Data Breach
I’m in awe reading these comments because this is similar to what happened to me. Today I received an email from Walmart stating my order had been delivered. My husband works from home so when I saw it was Advil I thought maybe he placed an online order and ignored the email. As the day went by I got two more emails stating my order was delivered, more curious about what he ordered I opened my email to see there were three orders one, two medicines and a freaking kids trampoline!!!! I was so confused because we don’t have kids and my husband is 6’9 so although the thought of him jumping on kids trampoline is hilarious it seemed out of nature. The email contained a photo of where the item was delivered and it was an apartment in my state about 30 minutes away. If my card info was stolen it would make sense since I tend to buy online often but the fact that someone was able to log in to my Walmart account and purchase something just seems odd to me. I verified with my husband and he did not order anything from Walmart. Luckily I was able to call my bank and start an investigation because Walmart was absolutely no help. Just as many of you have mentioned they stated I would have to speak to my bank.
I find it very odd that it wasn’t my card info that was stolen but instead someone was able to log in to my Walmart account and make purchases.
I need to update what I stated a few days ago, I thought things were getting better. I was checking my bank statement and someone still ordered things on walmart.com to the tune of $159.41. Only this time, it just happened today, so hopefully the bank will be able to cancel it and put ; money back in.
Found out that it is the financial institution working on it , so maybe they are trying to correct this mess.
Money for Walmart purchases was taken out of my bank account through PayPal.
My Walmart+ membership was hacked six times before I even had paid the $98.00 membership fee. I became a trial member in the middle of December and did not know that my debit card had been used to order merchandise December 30th and sent to an alternative address. The membership fee went through the bank on January 18, 2022. As I checked our bank account, I would see Walmart on it and knew we had made purchases, but did not notice for several months, (from December 30, 2021, to June 15, 2022), that there were twenty seven transactions that had Walmart.com AA 800-966-6546 AR beside them. These orders were not placed by me, but rather by an individual who had their own email address, address, and cell phone number. Our bank statements reflect we were loyal Walmart customers and it was only when I decided to be a Walmart + member and Walmart stored my card information online, that we were hacked. Walmart allowed them to use our money by letting them place orders, verified my payment details and because my name and debit card matched, Walmart then shipped it to the perpetuator’s address.
I might not have noticed it for a longer period of time, but on June 15, 2022, my husband and I had placed an order and were going to the nearby Walmart store to pick it up. As soon as we got in the city limits, an associate from Walmart called and said that they did not have enough people to gather our groceries and would we like to wait until the following day to get them or cancel the order. We said to go ahead and cancel the order and proceeded to go into the store ourselves and get things. We checked a few days later to make sure that Walmart had put the money back in from the cancelled order and they hadn’t, so I called to ask when that would happen. I was told that it would take 5-10 business days to replace it. We waited a few more days and checked to see if it had been replaced, and it had, but I noticed just a few lines down on our bank statement, that there was another amount on the very day that our order was cancelled, for $250.06 and noticed the Walmart.com AA 800-966-6546 AR number. When I put the 800 number up on my I-pad, instantly “what’s that charge.com” came up. Then I saw all the people that had this charge on their card statements and the scams that were going on. I was hoping it would be only a few times, and feel kind of dumb about this, but didn’t notice it because the times I ordered, it always said Walmart and so I didn’t notice the AA and the 800 number beside the ones that someone else ordered for several months.
I called Walmart and talked to an associate. Sad, to say, I didn’t get the first associate’s name. He said I would need to contact my financial institution and they would have to contact them. I did call the bank and cancelled my card and met with them the following day to find out it was 27 transactions that Walmart sent to this alternative address. The bank would contact the card issuer, and they would dispute the charges. I found out later they would only cover 15 transactions and that left us with 12 that weren’t.
I called Walmart back the following day (June 22, 2022) and talked to an associate, making sure to get his name and a confirmation number.( Vladimir , no last name: confirmation # 22062268566) He told me the same thing that the first associate did, I would need to talk to the bank and have them dispute it. He asked if I didn’t get an email or text when the orders went in. I told him that yes, I did when I ordered things, but the hacker had their own address, email address, and cell number and used my money. I told him that I could understand if this might have happened once or twice, but to send merchandise to an AA 27 times!
I called Walmart again on June 27, 2022. (Again, the reps’ name was Mohammed and confirmation number: 2206277347940810000). She started telling me how many customers Walmart has. I asked her how that would help me get the money back. She assured me that this would be resolved in 5-7 business days. I waited and still had not heard anything, so on July 11th , I called Walmart back again. ( Samantha was the rep ; confirmation 2207115416145520001) This time I was told it would be taken care of in 24 hours or less. I never heard from them either. However, I had contacted Walmart Executive Escalations previously before I called Samantha at executiveescalations@walmart.com. (Lauren, have emails) Lauren tried to make me feel better by telling me that “When customers place orders on Walmart.com, each order placed goes through a security and verification process to confirm payment details and minimize fraud.” Again, they verify payment, making sure the card holder’s name matches the card on file, but do not have an AVS (or address verification system for credit card transactions) in place. If they had this in place, I would not be in the position I am now. I told her that all this payment confirmation process did was allowed the hacker to use others hard earned money and once Walmart got their payment, they shipped to whoever ordered it at the card holder’s expense. This is frustrating, even maddening, since Walmart is such a big company but refuse to use an address verification service to protect their customers. And to top it all off, this scam has been going on for several years and Walmart still will not try to safeguard their customers’ identity. What I would like to happen is that I will get funds put back in my account that the card issuer won’t cover. Also, Walmart should be held liable for not providing a safe and secure environment for its customers. They must have a address verification system and any other security system implemented that will help customers feel safe to order from them. Although, I know I have a certain responsibility to protect my personal information myself, once Walmart had my personal data, they also had the responsibility to keep my data from falling into the hands of hackers or criminals, and they did not do that, leaving me on my own to try to figure this out.
There’s times this week someone tried to order large items. Contacted walmart yesterday. They said they’d have their IT “security department” look into it. Happened again this morning.
They got me too. $800+- bucks yesterday . 3 charges. I was able to get the last once canceled quickly cause I was chatting with Walmart when it occurred. So I was got for abt 600 bucks. But Obviously you would think that Walmart could see something is not right with the company who kept charging my account. There location is about 200 letters looking like gibberish followed by the country. Walmart needs to get it together or there needs to be another class action cause this is stressful.
Someone hacked my account on walmart purchasing 35 of the same item all with different order numbers but same tracking number, all totaling 7k. I Cought it right away June 10 2022 and let my bank and walmart know. I have been calling everyday to walmart and my bank because now i’m a scared. One walmart associate from billing department helped give out proof on my behalf and told my bank it could not believe walmart let all those transactions go through. As for the order being a flat envelope with all 35 supposedly radios trying to be delivered at my address where refused and stamped refused and is on its way to sender which has a fake phone number and i let walmart know to.
Maybe the banks should start suing these retailers who allow this stuff to go on. Walmart will still make money for each item sold on their platform WHETHER fraud or not.Plus millions still shop at Walmart so they will still forever make money. The banks are federally insured so they have to protect and refund our money for known fraud activities. Well the selling platforms knows this so no sweat off of their HEADS. Leave the mess for the consumers
On 4/26/2022 I purchased a prepaid cellphone from Walmart and my bank account was hacked. It even says it on the receipt. So from now on I always pay cash for purchases.
please add me
Add me to the lust
Add me somebody got in my account in order 900 dollars of toys & clothes get thing my card was locked call them they tell me everything look ok i said no i ain’t order nothing i said was the address they tell me LA i said sweetie I’m in TN
They said nothing went thur so you good they dnt care
Mine was just hacked and Walmart rep didn’t care at all
Well these selling platforms are a breeding ground for scammers not from the USA. On two occasions I have ordered an item on a selling platform and an empty package was delivered. So trying to dispute it is hard. Messaged the seller and and she kept saying it was received. Well what I ordered wouldn’t fit in a flat envelope. That was on eBay. The second was amazon, but Amazon made it right with no hesitation. The scammers are getting better and everyone wants to stick to this new technology but it’s going to be the death of us all. Prob not physically but monetarily and mentally. Other countries are better at it than Americans. Will soon be a cyber war like no other. I have been hacked about 4 or 5 times in the last 5 years. What I may do is switch everything to my Apple Credit card and see if I have more protection. Apple don’t play about their security
My information was compromised on 03-07-22. I ordered a protein powder through the app . Someone changed the address I had in the system and sent it to a state on the other side . I contacted Walmart and they couldn’t do anything besides cancel the order but it’s already going to be delivered in 1 day . Super disappointed. They said I would have to dispute the charge with Walmart and order again. That I needed to change my password as well. Not going to buy off their website ever .