{"id":392,"date":"2018-07-19T16:36:10","date_gmt":"2018-07-19T16:36:10","guid":{"rendered":"http:\/\/www.www.claimsmatch.co\/?p=392"},"modified":"2018-07-19T16:36:10","modified_gmt":"2018-07-19T16:36:10","slug":"macys-lawsuit-filed-after-hackers-breach-customer-pii-data","status":"publish","type":"post","link":"https:\/\/www.claimsmatch.co\/macys-lawsuit-filed-after-hackers-breach-customer-pii-data\/","title":{"rendered":"Macy\u2019s Lawsuit Filed After Hackers Breach Customer PII Data"},"content":{"rendered":"

An Alabama resident filed a class-action complaint against Macy\u2019s in July after the retailer announced hackers broke into its secure database and stole personally identifiable information (PII) from its customers.<\/span><\/h2>\n
Source: (https:\/\/www.classaction.org\/media\/carroll-v-macys-inc-et-al.pdf)<\/span><\/a><\/pre>\n
Plaintiff, Anna Carroll, recorded her Macy\u2019s PII lawsuit in federal court, demanding the company pay damages for invasion of privacy and injuries sustained from breach of fiduciary duty and negligence for not protecting confidential consumer information. <\/span>
\nLead attorneys have announced they\u2019ll be motioning the court to certify Carroll\u2019s lawsuit as a class action; doing so will allow other consumers harmed by Macy\u2019s data breach to join as class plaintiffs, sharing compensation awards if Carroll settles or wins her case. \u00a0<\/span>
\nHackers Steal Confidential Information from Macy\u2019s Customers <\/b>
\nAfter nearly a month of data hacking, Macy\u2019s notified the public and its customers on June 7th that the company was victim of a cyberattack by a third party. <\/span>
\nThe retail giant confirmed from April 26 to June 6, unnamed hackers stole their customer\u2019s email addresses, credit and debit card numbers, birthdays, addresses and other personal data.\u00a0 <\/span>
\nCyber attackers first gained access to thousands of Macy\u2019s customer usernames and passwords from an outside source and later applied the information to collect unprotected PII data from servers. <\/span>
\nHackers did not however gain entry to social security numbers, according to Macy\u2019s IT reps; nor did the data breach expose three-digit CVC information (numbers that appear on the backs of credit cards); yet, the thieves did acquire credit and debit card expiration dates.\u00a0 <\/span>
\nMacy\u2019s Negligence Provoked PII Data Breach<\/b>
\nCarroll\u2019s lawsuit asserts Macy\u2019s security measures set up to prevent PII breaches were \u201clackadaisical, cavalier, reckless, and negligent.\u201d The plaintiff also contends the company didn’t inform customers about the cyberattack in good time, as prudent businesses would have done under similar circumstances. <\/span>
\nLead attorney in this class action, Oscar M. Price IV, argues customers consent to Macy\u2019s storing their PII data in consideration for the company promising to protect the information from hackers, which assigns certain fiduciary duties and obligations to the defendant that were breached in this case. <\/span>
\nLarge retailers also recognize or should recognize that most data servers do not have autonomous encryption to protect PII from cyberattacks, placing this information in strong demand for hackers and vulnerable to identity theft; Macy\u2019s therefore held legal obligations to implement the best PII security measures available, according to Price. <\/span>
\nCarroll is prepared to offer economic evidence that shows the retailer sustained large profits from using millions of consumer PII in their marketing strategies and promotions, but the defendant recklessly chose to spend those profits to protect customer payment information only, disregarding PII security to save on data encryption expenses. <\/span>
\nThe plaintiff further asserts Macy\u2019s waited too long to tell customers a data breach took place. PII cyberattacks started in April; yet, Macy\u2019s IT department found the hacks only on June 11, giving the thieves over two weeks to collect PII info. <\/span>
\nA prompt notice would have enabled consumers to take affirmative action and mitigate damages by changing passwords and canceling credit cards, according to Carroll. <\/span>
\nData Breach Litigation Surges in America <\/b>
\nThe law defines PII as information that distinguishes or depicts a person\u2019s identity where when used alone or when combined with other PII can place an individual\u2019s confidential information\u00a0into an unprotected environment.\u00a0<\/span>
\nAccording to the FTC,\u00a0data breach litigation is on the rise in America and emerges in individual lawsuits and class action filings in federal and state courts. <\/span><\/p>\n
(Source: https:\/\/www.ftc.gov\/system\/files\/documents\/public_comments\/2015\/10\/00027-97671.pdf)<\/span><\/a><\/pre>\n
Most data breach victims file PII lawsuits to pursue remedies to cover damages from unjust enrichment, breach of fiduciary duty, negligence, res ipsa loquitur, and breach of contract; equitable remedies (injunctive relief or specific performance) are likewise available to data breach victims when they establish legal damages cannot remedy the defendant\u2019s wrongdoing.<\/span>
\nMoney damages arising from PII jury verdicts and data breach settlement awards often reimburse specific harm produced by the cyberattack:<\/span><\/p>\n