Five Below, Inc. is on the receiving end of a proposed class action lawsuit centered on its alleged failure to properly safeguard online customers’ payment card and other personally identifiable information from a data breach.
The 44-page case out of Pennsylvania’s Eastern District states that while Five Below first became aware of the cyber incident on January 11, 2019, the five-dollar-and-under retailer waited a little more than a month to inform consumers that their information had been compromised. The customer data affected by the breach, the case says, included names, addresses, and credit card numbers, expiration dates, and security codes.
Five Below, the plaintiff argues, “disregarded the rights” of proposed class members by failing to take “adequate and reasonable” measures to ensure online customer data was protected. Moreover, the case chides Five Below for its alleged failure to properly disclose that class members’ data had been compromised by an unauthorized third party.
“As a result of Defendant’s basic failures Plaintiff and Class members now face an increased risk of identity theft and will have to spend significant amounts of time and money to protect themselves,” the case reads.