Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
A $625,000 settlement has been reached in a class action lawsuit stemming from a 2020 FabFitFun website security incident that may have compromised consumers’ personal information.
Plaintiffs in the class action lawsuit alleged third parties accessed FabFitFun’s website, potentially gaining access to certain personal information of customers who purchased new subscriptions via the website between April 26 and May 14, 2020, and between May 22 and Aug. 3, 2020.
According to the plaintiffs, these unauthorized third parties were able to extract enough information to illegally use customers’ payment cards to make purchases and may have made the information available for sale on the dark web.
FabFitFun has denied all allegations of wrongdoing, but agreed to a settlement following mediation.
The settlement Class will be made up of anyone identified by FabFitFun and whom FabFitFun notified that their information may have been exposed during the security breach, according to the proposed settlement.
The Class is estimated to have 441,160 members: about 130,293 whose payment card, login, and password information was potentially exposed; about 68,807 whose login and account password, but not payment card, information was potentially compromised; and about 245,060 to whom FabFitFun sent notice of the incident “out of an abundance of caution” but, upon further investigation, whose personal information was not exposed or accessed.
Class Members will be able to claim one of three Basic Awards or a Reimbursement Award.
The Basic Awards tiers will be initially set as follows:
- Tier 1: $55 for Class Members who potentially had their payment card, login, and passwords exposed
- Tier 2: $25 for Class Members who potentially had their login and password information exposed, but not their payment card information
- Tier 3: $12 for Class Members not in tiers 1 or 2 who were notified of the incident as a precaution but were found not have had their poersonal infomation accessed
Class Members may claim a Reimbursement Award of up to $5,000 if during the Unauthorized Charge Period they experienced one or more fraudulent or unauthorized charges they claim in good faith was likely to have been caused by the security incident on a payment method used on the FabFitFun website during the Class Period, and the charges were not denied, reveresed, or credited or reimbursed in some way.
Class Members wishing to claim a Reimbursement Award also must have made reasonable efforts to avoid or seek reimbursement for their losses, such as exhausting credit monitoring and identity theft insurance options.
The Reimbursement Award will cover up to $5,000 in unreimbursed unauthorized charges as described above, out-of-pocket expenses, and $20 per hour for up to three hours of time spent dealing with those charges if at least one full hour was spent and the time can be documented.
FabFitFun also has agreed to injunctive relief, including offering multifactor authentication on customer accounts, conducting phishing and penetration testing, hiring additional security and technical personnel, and employing a third-party cybersecurity forensic expert to conduct a risk assessment of the company’s data assets and environment, among other measures.
Have you ever subscribed to the FabFitFun Box? Let us know in the comments below.
The plaintiffs are represented by Marisa C. Livesay, Betsy C. Manifold, Brittany DeJong, and Rachele R. Byrd of Wolf Haldenstein Adler Freeman and Herz LLP; and Leslie S. Guillon and Michael Anderson Berry of Clayeo Arnold APLC.
The FabFitFun Class Action Lawsuit is Cheryl Gaston, et al. v. FabFitFun Inc., Case No. 2:20-cv-09534-RGK-E, in the U.S. District Court for the Central District of California.
Read About More Class Action Lawsuits & Class Action Settlements:
43 thoughts onFabFitFun to Pay $625K to Settle Class Action Claims over 2020 Web Security Incident
had 3 accounts through 3 different emails during this time
I have had 3 accounts during this time
I AM A MEMBER CURRENTLY.