As if the Equifax and Capital One fiascos weren’t enough, “stock market of things” operator StockX, LLC now faces a proposed class action lawsuit over its own data breach. The e-commerce platform, according to the 19-page lawsuit, was the subject of a May 2019 cyber incident during which users’ names, email addresses, account information, and other personal data were reportedly stolen by a hacker.
StockX, the lawsuit explains, operates what it calls the “stock market of things,” an e-commerce hub that works in a manner similar to the stock market. StockX’s bread and butter is the buying and selling of like-new sneakers, watches, handbags, and “street wear” for current market value, the case says.
“The platform works by buyers undercutting each other in a fashion similar to the stock market,” the complaint explains, “eventually causing limited items to lose all value.”
The lawsuit alleges that in May 2019, a hacker stole from the defendant’s website more than 6.8 million records containing users’ names, email addresses, passwords, account information, and even the type of device they use. Despite knowing users’ data had been compromised, StockX allegedly failed to inform them of the breach and instead “tried to hide the fact” by asking users to update their passwords, citing “system updates.”
According to the case, news of the breach came to light when an “unnamed data breached seller” contacted technology publication TechCrunch.com and disclosed that the records had been stolen and sold on the dark web. StockX admitted to the existence of a security breach on its website following the publication of TechCrunch’s report, the case says.
The lawsuit argues that proposed class members’ personal information will now potentially be available on the black market “for many years into the future,” subjecting them to a heightened risk of identity theft and fraud.