Michigan-based golf equipment retailer Carl’s Golfland has been hit with a proposed class action stemming from a data breach that reportedly lasted from March 25 to July 14, 2019.
According to the suit out of Illinois federal court, the Carl’s Golfland website was hacked by an unauthorized third party who gained access to customers’ credit card and personal information, some of which was used to make fraudulent purchases. As a result, the case says, customers spent considerable time and money monitoring their accounts, freezing their accounts, and attempting to correct any fraudulent charges.
Carl’s Golfland allegedly discovered the breach through a bank inquiry in June yet failed to act until the following month. Moreover, the defendant is said to have failed to notify customers until August, which the lawsuit contends prolonged customers’ exposure to potential credit card fraud.
The suit alleges that the defendant was negligent in that it failed to properly secure users’ information and alert customers to the breach in a timely fashion as required by Michigan law.
The lawsuit seeks to represent a class of everyone in the United States whose information was exposed in the breach.