{"id":392,"date":"2018-07-19T16:36:10","date_gmt":"2018-07-19T16:36:10","guid":{"rendered":"http:\/\/www.www.claimsmatch.co\/?p=392"},"modified":"2018-07-19T16:36:10","modified_gmt":"2018-07-19T16:36:10","slug":"macys-lawsuit-filed-after-hackers-breach-customer-pii-data","status":"publish","type":"post","link":"https:\/\/www.claimsmatch.co\/macys-lawsuit-filed-after-hackers-breach-customer-pii-data\/","title":{"rendered":"Macy\u2019s Lawsuit Filed After Hackers Breach Customer PII Data"},"content":{"rendered":"
Source: (https:\/\/www.classaction.org\/media\/carroll-v-macys-inc-et-al.pdf)<\/span><\/a><\/pre>\nPlaintiff, Anna Carroll, recorded her Macy\u2019s PII lawsuit in federal court, demanding the company pay damages for invasion of privacy and injuries sustained from breach of fiduciary duty and negligence for not protecting confidential consumer information. <\/span>
\nLead attorneys have announced they\u2019ll be motioning the court to certify Carroll\u2019s lawsuit as a class action; doing so will allow other consumers harmed by Macy\u2019s data breach to join as class plaintiffs, sharing compensation awards if Carroll settles or wins her case. \u00a0<\/span>
\nHackers Steal Confidential Information from Macy\u2019s Customers <\/b>
\nAfter nearly a month of data hacking, Macy\u2019s notified the public and its customers on June 7th that the company was victim of a cyberattack by a third party. <\/span>
\nThe retail giant confirmed from April 26 to June 6, unnamed hackers stole their customer\u2019s email addresses, credit and debit card numbers, birthdays, addresses and other personal data.\u00a0 <\/span>
\nCyber attackers first gained access to thousands of Macy\u2019s customer usernames and passwords from an outside source and later applied the information to collect unprotected PII data from servers. <\/span>
\nHackers did not however gain entry to social security numbers, according to Macy\u2019s IT reps; nor did the data breach expose three-digit CVC information (numbers that appear on the backs of credit cards); yet, the thieves did acquire credit and debit card expiration dates.\u00a0 <\/span>
\nMacy\u2019s Negligence Provoked PII Data Breach<\/b>
\nCarroll\u2019s lawsuit asserts Macy\u2019s security measures set up to prevent PII breaches were \u201clackadaisical, cavalier, reckless, and negligent.\u201d The plaintiff also contends the company didn’t inform customers about the cyberattack in good time, as prudent businesses would have done under similar circumstances. <\/span>
\nLead attorney in this class action, Oscar M. Price IV, argues customers consent to Macy\u2019s storing their PII data in consideration for the company promising to protect the information from hackers, which assigns certain fiduciary duties and obligations to the defendant that were breached in this case. <\/span>
\nLarge retailers also recognize or should recognize that most data servers do not have autonomous encryption to protect PII from cyberattacks, placing this information in strong demand for hackers and vulnerable to identity theft; Macy\u2019s therefore held legal obligations to implement the best PII security measures available, according to Price. <\/span>
\nCarroll is prepared to offer economic evidence that shows the retailer sustained large profits from using millions of consumer PII in their marketing strategies and promotions, but the defendant recklessly chose to spend those profits to protect customer payment information only, disregarding PII security to save on data encryption expenses. <\/span>
\nThe plaintiff further asserts Macy\u2019s waited too long to tell customers a data breach took place. PII cyberattacks started in April; yet, Macy\u2019s IT department found the hacks only on June 11, giving the thieves over two weeks to collect PII info. <\/span>
\nA prompt notice would have enabled consumers to take affirmative action and mitigate damages by changing passwords and canceling credit cards, according to Carroll. <\/span>
\nData Breach Litigation Surges in America <\/b>
\nThe law defines PII as information that distinguishes or depicts a person\u2019s identity where when used alone or when combined with other PII can place an individual\u2019s confidential information\u00a0into an unprotected environment.\u00a0<\/span>
\nAccording to the FTC,\u00a0data breach litigation is on the rise in America and emerges in individual lawsuits and class action filings in federal and state courts. <\/span><\/p>\n(Source: https:\/\/www.ftc.gov\/system\/files\/documents\/public_comments\/2015\/10\/00027-97671.pdf)<\/span><\/a><\/pre>\nMost data breach victims file PII lawsuits to pursue remedies to cover damages from unjust enrichment, breach of fiduciary duty, negligence, res ipsa loquitur, and breach of contract; equitable remedies (injunctive relief or specific performance) are likewise available to data breach victims when they establish legal damages cannot remedy the defendant\u2019s wrongdoing.<\/span>
\nMoney damages arising from PII jury verdicts and data breach settlement awards often reimburse specific harm produced by the cyberattack:<\/span><\/p>\n\n- \n
\n- Fraudulent charges<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
\n- \n
\n- Cost to monitor credit scores <\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
\n- \n
\n- Cost to recover credit cards <\/span><\/li>\n
- Unjust enrichment indemnification<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
The courts further award PII victims general damages to cover the natural harm that occurs after a data breaches take place: <\/span><\/p>\n\n- \n
\n- Credit score damage<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
\n- \n
\n- Personal time to examine and to correct credit disputes, <\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
\n- \n
\n- Emotional distress <\/span><\/li>\n
- Future credit harm.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Customers Claim Damages in Macy\u2019s PII Lawsuit<\/b>
\nCarroll allegedly used her PII to conduct multiple internet purchases at Macys.com between April and June and discontinued shopping at the online megastore only after the company notified her on June 7th that hackers stole her personal information.<\/span>
\nMacy\u2019s PII class action lawsuit alleges the cyberattack harmed over nine thousand Macy\u2019s customers, some of whom discovered hackers were trying to make fraudulent online purchases using their identities and stolen payment information. <\/span>
\nClass members in this lawsuit will subsequently face \u201cyears of constant surveillance of their financial and personal records, monitoring, and loss of rights,\u201d according to Price.<\/span>
\nCarroll is seeking at least $5 million in restitution on behalf of all class members. <\/span>
\nLegal damages will reimburse individuals for their personal time used to restore their PII security and for time spent to dispute negative credit charges appearing on their credit reports emanating from hackers successfully exploiting their identities to engage in fraudulent business transactions. <\/span>
\nThe courts may further award punitive damages if Price can prove Macy\u2019s deliberately chose to not secure its customer PII data and that the defendant\u2019s intentional act actually injured the plaintiffs.<\/span>
\nRetailer Responds to Macy\u2019s Class Action<\/b>
\nBefore this lawsuit, Macy\u2019s lorded about its promise to secure customer PII and payment information during online <\/span>purchases<\/span>.<\/span><\/p>\n(Source:\u00a0https:\/\/www.customerservice-macys.com\/app\/answers\/detail\/a_id\/360\/~\/security-policy)<\/span><\/a><\/pre>\nThe retailer went as far as disclosing on its website that safeguarding consumer data is a business priority, and that Macy\u2019s takes steps \u201cto protect the security of our customer\u2019s account information.\u201d <\/span>
\nMacy\u2019s issued an overt statement on July 8, publicly acknowledging the PII cyberattack and claiming that the theft only involved \u201ca small number of our customers at\u00a0macys.com\u00a0and\u00a0bloomingdales.com.\u201d<\/span><\/p>\n(Source: https:\/\/www.experian.com\/blogs\/ask-experian\/macys-bloomingdales-data-breach-what-you-need-to-know)<\/span><\/a><\/pre>\nExecutives further claimed its IT staff investigated the PII theft and has since implemented \u201cadditional security measures\u201d\u00a0only as a precaution. <\/span>
\nAs for Carroll and the thousands of potential class member who will join this Macy\u2019s class action lawsuit, the defendant\u2019s commitment to protect PII conclusively comes a little too late because their identities are already in the hand of thieves. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"An Alabama resident filed a class-action complaint against Macy\u2019s in July after the retailer announced hackers broke into its secure database and stole personally identifiable information (PII) from its customers. Source: (https:\/\/www.classaction.org\/media\/carroll-v-macys-inc-et-al.pdf) Plaintiff, Anna Carroll, recorded her Macy\u2019s PII lawsuit in federal court, demanding the company pay damages for invasion of privacy and injuries sustained […]<\/p>\n","protected":false},"author":3,"featured_media":393,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[26,17],"tags":[19,27,28],"acf":[],"_links":{"self":[{"href":"https:\/\/www.claimsmatch.co\/wp-json\/wp\/v2\/posts\/392"}],"collection":[{"href":"https:\/\/www.claimsmatch.co\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.claimsmatch.co\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.claimsmatch.co\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.claimsmatch.co\/wp-json\/wp\/v2\/comments?post=392"}],"version-history":[{"count":0,"href":"https:\/\/www.claimsmatch.co\/wp-json\/wp\/v2\/posts\/392\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.claimsmatch.co\/wp-json\/wp\/v2\/media\/393"}],"wp:attachment":[{"href":"https:\/\/www.claimsmatch.co\/wp-json\/wp\/v2\/media?parent=392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.claimsmatch.co\/wp-json\/wp\/v2\/categories?post=392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.claimsmatch.co\/wp-json\/wp\/v2\/tags?post=392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}