Filters Fast, LLC faces a proposed class action over a “massive data breach” that reportedly occurred between July 15, 2019 and July 10, 2020.
According to the case, the filtration product retailer’s negligence and failure to adopt reasonable security measures allowed cyber criminals to access the company’s computer system for nearly a year, install malicious code on its website and steal the personal and financial data of “millions of unsuspecting customers across the country.”
“Filters Fast’s negligent failure to meet industry standards of cyber security allowed this to happen,” the complaint scathes, claiming the defendant waited six months after discovering the breach to notify affected consumers. According to the case, a website data tracker predicted that more than 3.4 million customers shopped on Fast Filter’s website from February through July 2020, a timeframe in which the defendant was allegedly “fully aware of the then-unresolved data breach.”
Per the complaint, Filters Fast discovered a possible data security incident in February 2020. Thereafter, the case says, an investigation revealed hackers had added malicious code to the retailer’s website on July 15, 2019. The code allowed unauthorized parties to access, according to Filters Fast, at least 323,000 customers’ names, shipping and billing addresses, and payment card details during the checkout process, the suit alleges.
Despite being aware of the growing risk of data breaches, Filters Fast failed to take reasonable steps to protect customers’ information and timely detect the breach once it occurred, the lawsuit charges. After discovering the security breach, the defendant, according to the case, allowed its website to remain fully operational for five more months “without making any effort” to minimize customers’ exposure.
“Filters Fast chose to complete its internal investigation and develop a response rather than provide its customers with the information they needed to protect themselves against fraud and identity theft,” the complaint reads.
Per the case, the malicious code was removed during an unrelated website update on July 10, 2020, and the defendant waited until the following month to begin notifying affected customers.
According to the suit, Filters Fast’s failure to adhere to both industry standards for data security and the Federal Trade Commission’s guidelines for reasonable security practices, not to mention its decision to notify affected customers “at its own pace over the course of six months,” left victims “in the dark” and exposed to a heightened risk of identity theft and fraud.
“These decisions left millions of unaware customers exposed to the imminent and substantial risks inherent in a data breach, including the compromise and fraudulent use of their personal and Payment Data,” the complaint alleges.
The lawsuit contends that Filters Fast’s offer of 12 months of free credit monitoring is “woefully inadequate” to compensate those who were affected by the breach.
The case looks to cover anyone in the U.S. who had their credit or debit card data compromised as a result of the Filters Fast data breach, with proposed subclasses of Wisconsin and Maryland residents.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.