PokerStars faces a proposed class action over a May 2023 data breach in which the personal information of roughly 110,000 people was stolen amid the cyberattack on the MOVEit file transfer service.
Want to stay in the loop on class actions that matter to you? Sign up forClassAction.org’s free weekly newsletter here.
The 15-page lawsuit says that around May 30, 2023, an “intruder” accessed PokerStars’ database and exfiltrated consumers’ names, dates of birth, home addresses, phone numbers, Social Security numbers and email addresses. The suit accuses the online poker platform of disregarding consumers’ privacy rights by negligently failing to implement adequate and reasonable measures to safeguard their personal information from unauthorized access, among other shortcomings.
“Prior to the Data Breach Incident, on information and belief, Defendant did not (i) encrypt or tokenize the sensitive [personally identifiable information] of Plaintiff and the Class members, (ii) delete such [personally identifiable information] that it no longer had reason to maintain, (iii) eliminate the potential accessibility of the [personally identifiable information] from the internet and its website where such accessibility was not justified, and (iv) otherwise review and improve the security of its network system that contained the [personally identifiable information].”
Media reports and the defendant’s own data breach notice indicate that the PokerStars data breach came amid the international cyberattack on the MOVEit file transfer service, which affected a litany of companies, including healthcare organizations. The company’s notice to consumers states that it is offering 24 months of complimentary Experian IdentityWorks identity theft protection.
According to the lawsuit, PokerStars did not begin to notify data breach victims that their information had been compromised until July 20. In its disclosure, PokerStars attempted to minimize the data breach, despite admitting that sensitive information had been compromised, the filing says.
“Contrary to the self-serving narrative in Defendant’s form notice, Plaintiff’s and Class members’ unencrypted information may end up for sale on the dark web and/or fall into the hands of companies that will use the detailed [personal information] for targeted marketing without the [sic] approval,” the case says.
The filing stresses that the ramifications of the PokerStars data breach are “long lasting and severe” given that once personal information, particularly Social Security numbers, is stolen, the fraudulent use of that data may continue for years.
The lawsuit looks to cover all persons whose personally identifiable information was accessed and/or exfiltrated during the PokerStars data breach that occurred on or around May 30, 2023.
Get class action lawsuit news sent to your inbox – sign up forClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed cancer, endometriosis or reproductive problems after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.