A Macy’s customer has filed a class action lawsuit against the department store chain over claims that the company did not properly handle a data breach that occurred in October 2019.
Robert Hartigan, a Massachusetts resident, filed the Macy’s data breach class action lawsuit on behalf of himself and all other affected individuals. He says that on Oct. 10, 2019, he purchased items from Macy’s website using a Visa card. He says that the items were scheduled to ship to his home address with premium shipping.
For this purchase, Macy’s allegedly collected and maintained Hartigan’s information on its website. Hartigan says that he and other customers had the expectation that Macy’s would protect their information and keep it from being disclosed to other parties.
Allegedly, Macy’s did not follow through with this duty, as a data breach took place that exposed his information and the information of many other customers.
Hartigan asserts that the data breach at issue took place between Oct. 7 and Oct. 15, 2019. Allegedly, hackers breached the company’s data security and stole personal information from the company’s website.
Compromised information reportedly includes customers’ checkout and wallet-page information, and included first and last names, email addresses, phone numbers, home addresses, credit card numbers, credit card security codes, and credit card expiration dates.
Allegedly, Macy’s issued a public statement soon after the breach, providing information about the breach. Hartigan says that this public statement was followed up with a letter to affected individuals.
Hartigan states that he received a letter dated Nov. 14, 2019 informing him that is personal information had been comprised in a recent Macy’s data breach.
In this letter, customers were informed that the loss of their personal information could cause them to experience identity theft and fraud, and were advised to take steps to protect their financial information.
In the Macy’s data breach class action lawsuit, Hartigan takes issue with Macy’s failure to offer financial compensation to those affected by the breach. Although a year of credit monitoring was offered in the letter, Hartigan argues that this is not enough.
According to the data hack identity theft class action lawsuit, Macy’s did not act appropriately either before or after the breach.
The Macy’s data security class action lawsuit asserts that the department store did not take appropriate measures to protect customers before the breach.
Additionally, the company reportedly failed to help protect customers from financial injury and other injury after the breach, by not providing compensation for the company’s failings.
Hartigan asserts that the failures constituted negligence, violations of statutory law and regulations, and violations of the Massachusetts common law.
The Macy’s class action lawsuit notes that Macy’s maintains a privacy policy that assures customers that their personal information would not be accessed by unauthorized parties and cites the “Macy’s Responsible Information Management program.”
Stressing the company’s stated commitment to data security, Hartigan notes that the company has “various procedural, technical, and administrative measures to safeguard the information we collect and use.”
Allegedly, Macy’s violated its own policies and rules in not sufficiently protecting customers data. Hartigan asserts that Macy’s did not take adequate measures to ensure that its own employees followed rules and protocols designed to protect customer data.
This is not the first time that Macy’s has been accused of not protecting customer data. The company suffered another data breach between May 1, 2018, and June 11, 2018. In October 2019, the company reached a $257,000 settlement with customers who claimed that the company similarly mishandled the data breach.
Like the current Macy’s data breach class action lawsuit, the previous Macy’s data breach class action lawsuit was filed by a customer who made their purchases online, through the Macy’s website. Like Hartigan, that consumer said that the data breach left her and many other consumers vulnerable to identity theft, fraud, and financial injury.
Macy’s denied wronging in the previous data breach class action lawsuit, but agreed to settle the customer’s claims in an effort to avoid the costs and risks of continuing to litigate the claims.
This recent Macy’s data breach class action lawsuit was originally filed in state court and has since been removed to Massachusetts federal court.
Have you ever been the victim of a data breach? Tell us about your experience in the comments below.
Hartigan is represented by David J. Relethford, Michael C. Forrest, and Robert E. Mazow of Forrest LaMothe Mazow McCullough Yasi & Yasi PC.
The Macy’s Data Breach Class Action Lawsuit is Robert Hartigan v. Macy’s Inc., Case No. 1:20-cv-10551, in the U.S. District Court for the District of Massachusetts.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
254 thoughts onMacy’s Class Action Says Data Breach Was Mishandled
add me
ADD ME PLEASE
ADD ME PLEASE
Add me please thanks
Please add me.
Add me please. I’ve constantly shopped at Macy’s for 10years or more using my Visa card.
I received a letter from Macy’s about this matter.
Add me please
Add me please
please add me to the lawssuit
Yes add me to the Macys data breach.
Please add me to the Macy’s lawsuit
Please add me