Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
A Walmart customer has filed a class action lawsuit, saying he and many others were injured by an undisclosed data breach.
The Walmart data breach class action lawsuit was filed by San Fransisco resident Lavarious Gardiner, who says his personal identification information ended up on the dark web after Walmart failed to sufficiently protect customer information. He argues that this negligence has exposed him and other customers to a range of possible negative effects.
In recent legal news, Gardiner explains that he gave his personal identification information to Walmart while creating a Walmart account on the company’s website. He goes on to say that vulnerabilities in Walmart’s website allowed hackers access to not only the Walmart site, but customers’ computers. The hackers allegedly proceeded to post stolen accounts for sale on the dark web.
The Walmart security breach class action lawsuit states that because of Walmart’s failure to implement security, more than 2 million accounts are for sale on the dark web.
Gardiner says he conducted his own research into how the hacks occurred, and how the data was being sold. The Walmart data breach class action lawsuit notes that to illustrate the vulnerabilities in Walmart’s security system that led to the data breach, Gardiner conducted a scan of the Walmart website, which revealed numerous vulnerabilities.
The type of scan he used was reportedly Open Web Application Security Project Zed Attack Proxy, which he says is used widely in cybersecurity communities to identify possible vulnerabilities.
The Walmart data breach class action lawsuit states that six major vulnerabilities were revealed, including the following:
- Private IP addressing being made available in public website code
- Many instances in which a “password autocomplete” function was enabled, which could allow malware to extract a password from a consumer’s browser
- Opportunities for cookies to be accessed by scripts or malware present on a consumer’s computer
- A lack of cross-site scripting protection, which could allow a hacker to input their own script into Walmart’s website. Allegedly, this could allow a hacker to access information a consumer intended to input into Walmart’s site
- Cross-domain JavaScript file inclusion, enabling another way in which a hacker could perform cross-site scripting
- Cookies sent without secure flags, enabling them to be accessed through unencrypted connections
Gardiner says he conducted another scan of the website using Nessus, a tool used by government agencies to scan websites. He states this scan revealed additional vulnerabilities.
One key weakness revealed by the Nessus scan was Walmart’s site had an outdated security protocol still implemented. Allegedly, this outdated protocol was the source of a known weakness and had been replaced 12 years ago. Nonetheless, it was still in operation on Walmart’s site, says Gardiner.
Gardiner seeks to represent not only himself, but a proposed Class of all people in the state of California who had a Walmart account at any point in the four years before the lawsuit was filed.
He says he and others were exposed to significant injury because of Walmart’s failures.
The Walmart data breach class action lawsuit lays out the kinds of injuries that consumers may have to contend with, if their information is exposed in a data breach.
Their information may be sold to retailers who send a consumer unwanted messages, or it may be sold as spam, which can expose consumers to phishing and potential malware. A customer’s privacy can allegedly be violated, or their information harvested. Their identity can be stolen, causing financial injury, a tank in their credit score or other damage.
Additionally, the exposure of information may compromise a victims’ employment, because it could forward sensitive company information to unknown third parties, amidst other possible damages, states Gardiner.
The Walmart security failures class action lawsuit notes that many other major companies have experienced data breaches recently and faced criticism for their failures to sufficiently protect consumer data.
Gardiner states Walmart should have learned from these other companies’ experiences and taken steps to protect customers’ data before a security breach occurred. As a result, he aims to hold Walmart liable for his own injury and the injury of other consumers.
Have you had your information compromised in a data breach? Share your experiences in the comments section below.
Gardiner is represented by Thiago M. Coelho, Justin F. Marquez and Robert J. Dart of Wilshire Law Firm.
The Walmart Data Breach Class Action Lawsuit is Lavarious Gardiner v. Walmart Inc., et al., Case No. 4:20-cv-04618-DMR, in the U.S. District Court for the Northern District of California.
Read About More Class Action Lawsuits & Class Action Settlements:
How to Avoid an NSF Fee Charge
Server Fired For COVID-19 Test, Class Action Lawsuit Says
FDA Discusses Better Testing Methods for Finding Asbestos in Baby Powder
Bank of America Call Recording Lawsuit Reaches $1.9M Settlement
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
899 thoughts onWalmart Class Action Lawsuit Says Customers Subjected to Data Breach
my credit card was hacked again, every time that any credit card of mine is hacked, the card that i used was to make a purchase @ a Walmart store where i live or @ various Walmart locations, these purchases were made the same day or the previous day that I made a purchase, !!!!! why cannot fix their system, I don’t know, probably they don’t care. The Walmart that i normally shop at has potholes INSIDE the store!!!!! That should tell You something!!!!!
From June 2023 to august I was a Walmart plus member. My bank account information was breached leading me to have to report fraudulent charges and shutting off old card ordering a new card waiting for it and all my autopays set out of wack. I’m onboard with the lawsuit.
I was at Walmart on 7/6/2023 made a purchase for $159.63 at 19:25 and within 25min after leaving my card was hit 4 times totaling $175.61 I only use my debt card 4 gas and my bank let’s them take that money out of my account and then they dispute the charges so now I have 2 struggle until my money is put bk on my card and that can take a couple weeks it makes no sense at all I should feel safe using my card at a multi billion dollar company but I guess not if I owned a business and someone’s card was compromised I would reimburse them immediately and not only that I would give them a gift card 4 there inconvenience I’m waiting 4 the manager 2 call me bk and if I don’t hear from him by noon r so I’m calling channel 9 NEWS and I can’t believe they haven’t mentioned the Cicero location where I was hacked Idk and honestly IDC I will never step another foot in a walmart again.
our data was breached when i ordered a swimming pool and the order was for 2200$. The order plainly showed 1 pool ,and we received two pools. and another 2200$ was fraudulently stolen out of our account.walmart customer service is a joke. I want to know how someone else ( the company they ordered the pool from,was able to access our account. I assured my husband Walmart online order was 100% safe.What a fool believes.
My walmart account was hacked yesterday afternoon. They ordered 2 separate over hundred dollar orders that they set up as a reoccurring payment using my PayPal that was linked in my walmart account. I canceled the reoccurring, filed a suit with PayPal. Talked to walmart a few hours and finally got back into my account that they had immediately closed after setting the payments. Now I can see 3 addresses they were sending the products too. I want to report the addresses to someone. One address looks like a townhouse across from a shipping warehouse. I’m assuming they use these addresses to get the products to then resell probably on Amazon for profit. Someone needs to try to at least stop these people.
Same thing happened to me yesterday too, the hackers tried to purchase a apple electronic and it was declined because I always keep my funds on my savings account from chime, I blocked the transaction and ordered a replacement card and changed my Walmart password. I reported it to Walmart but they never got back to me.
This just happened to me I place a order for a product that was a little over 500 dollars I received a email stating that my order had been delivered. When I got home it was not there I called Walmart
They stated the order has been delivered. I looked on the app and there was a different address in a whole other state with somebody else’s name with a message of where to put the package. It was not my address. Someone has hacked my account and been able to change my. previous to this I’ve had other fraudulent charges that were charged to my account but those charges were refunded. Walmart stated it’s nothing they could do about this issue. and then deactivated my account. This is very unfair. Walmart should be held accountable for this.
Several days ago, I checked my online bank statement and found a monthly charge (subscription?) being deducted. I went back through one year’s worth of online bank statements and found duplicate unauthorized payments of varios amounts w/in one to two days of each other. I am having a nightmare time getting reimbursed by my bank (so far, not successful). The authorized charges were for Walmart items/goods. I have several cards on file in my Walmart account. I have deleted all of the cards but still feel like I might be missing some crookery or another by the fraudsters. I’m pissed! I feel victimized.
Recently had several online Walmart purchases using PayPal that were not mine. Had to get new credit card, change passwords. My checking account was also accessed via PayPal and now I am afraid of what information the hacker has. This should not have happened
This just happened to me as well. Completely unacceptable!
I received an email saying that I had cancelled my order. I contacted them and they kept insisting that I had called them last night and cancelled the order. I did not even make a phone call last night, let alone to cancel a order I have been waiting for. I was worried about who had access to my account and why they thought I called them. No help at all. Just kept saying no worries your account is secure. Which was kind of a red flag by itself. I finally got a call back and spoke to someone in person but they still just kept saying not to worry that my account is secure. No answer about who did it or why changes to my account was allowed to be made without my authorization. Then just now I received another email for another cancellation, this time due to suspicious activity. This is disturbing. Even more so now that I’ve read all these comments about people’s money being stolen.
Everytime I order something from walmart my card or PayPal is hacked and people order items that I didn’t and drain my account. This last time was through PayPal after I ordered something off Walmart.com
So if anyone ever orders anything be careful watch your bank statements or credit card statements and don’t save them for payments! My advice would to purchase a gift card if ordering online. Again it’s only Walmart I have this problem with no other retailer!!!!