Data Breach Litigation
Daniel C. Cohen is a founding partner of Consumer Attorneys LLP and co-chairs the firm’s Consumer Finance Litigation practice. Mr. Cohen also manages the firm’s client intake and development efforts.
About Data Breach Litigation
An Illinois woman has filed a proposed class action lawsuit against Claire’s, alleging that the jewelry and fashion accessories chain failed to protect them from data breach that may have put their personal information in jeopardy and waited too long to tell them about it.
In a lawsuit filed in an Illinois state court, plaintiff Julia Rossi alleges that Claire’s customers’ data was compromised from April 7 to June 12 -- and that the company waited almost a full month before letting customers know that their information may have been stolen by hackers.
The stolen data included customers’ credit and debit card information, phone numbers and addresses, according to Rossi’s suit.
“It appears it was not difficult for a thief or a hacker to exploit Defendants’ lax security and exfiltrate the Personal Information right under Defendants’ noses, as Defendants failed to discover the intrusion for over one month and then waited roughly another month, at minimum, before providing any notice to the affected customers,” Rossi charges in her suit, which she filed in a Cook County, Illinois civil court.
The cyber crooks who pulled off the breach apparently used “Magecard” tactics to hack Claire’s, infiltrating the company’s Salesforce Commerce Cloud, according to a report by BankInfoSecurity.
Claire’s has more than 9,000 brick-and-mortar locations across the globe and netted some $12.9 million in online sales in 2019, the suit states.
The information that became compromised during the data breach could leave Rossi and other Claire’s customers vulnerable to fraud and identity theft, she alleges.
Rossi claims that, since June, she has been inundated with scam calls from individuals who are trying to defraud her by leaving threatening messages to demand her personal information. She now spends hours each day monitoring her financial accounts and dealing with the spam calls, she says.
Rossi says that Claire’s had a duty to protect its customers’ data and that it should have informed them of the breach in a more timely manner.
Rossi is bringing claims of negligence, breach of implied contract and unjust enrichment -- as well as violations of the Illinois Personal Information Protection Act and Illinois and Pennsylvania consumer protection laws -- against the retail giant.
With the information potentially stolen from the Claire’s data breach, cyber criminals could open accounts, rack up debts and even receive government benefits or obtain government-issued identification -- all using victims’ names.
And fixing the damage that identity theft causes to victims can be both time consuming and costly.
Claire’s customers who believe that their personal data may have been compromised during the timeframe of the breach should contact a lawyer to discuss possible legal action against the company -- and the team at Consumer Attorneys LLP is here to fight for anyone who may have fallen victim to the breach.