A proposed class action lawsuit filed against Under Armour, Inc. has found its way into federal court in California. The lawsuit, initially filed in Los Angeles County court, seeks damages for a data breach in which the personal and financial information of roughly 150 million MyFitnessPal app users was obtained by an “unauthorized third party” in what the case calls one of the largest data breaches to date. Citing alleged violations of California’s unfair competition law, the lawsuit claims the data breach, reportedly discovered by Under Armour on March 25, 2018, exposed MyFitnessPal users’ email addresses, passwords, full names, addresses, and credit and debit card numbers.
The 52-page lawsuit describes the defendant’s MyFitnessPal and MapMyFitness apps as trackers for those looking to meet fitness goals or keep a log of certain health information. In addition to collecting users’ email addresses for the apps, Under Armour also stores credit and debit card numbers of users looking to access premium features, such as a no-ad experience. According to the plaintiff, Under Armour should be held responsible for failing to have in place “reasonable security procedures and practices” to protect users’ data, especially given today’s climate of sensitivity toward how big companies handle and safeguard consumers’ information.
“The ramification of Under Armour’s failure to keep [the plaintiff] and Class Members’ data secure is severe,” the case states.