Bonobos Exposure of Customer Information Class Action

This class action brings suit because of yet another data breach. The complaint alleges that Bonobos, Inc. did not take adequate precautions to safeguard customer information and therefore bears responsibility for the exposure of data.

The class for this action is all those who live in the US whose private information was compromised in the Bonobos data breach.

The complaint states, flatly, “Any e-commerce provider—indeed, any business which collects Private Information—is well aware of the risk of security breaches and the need to ensure a robust system of safeguarding against security breaches.”

Bonobos began as an online upscale clothing store for men. It eventually established around sixty physical locations. Walmart bought the company in 2017 so that it could sell the company’s clothing on its Jet.com website.

The data breach occurred in January 2021. At that time, the complaint says, “a threat actor known as ShinyHunters, who is notorious for hacking online services and selling stolen databases, posted Bonobos’ private database to a hacker forum. The leaked database included a ’70 GB SQL file’ containing various internal tables used by the Bonobos website.” The leaked data included customer addresses, order information, and partial credit card numbers, and password histories.

The complaint alleges, “On information and belief, the threat actor also turned the cracked passwords into a list used in credential stuffing attacks, which involves utilizing the log in information using the stolen credentials to access other websites.”

Bonobos claimed that the hackers gained access only to a backup file in the cloud, not to its internal systems. It said it was taking steps to protect accounts, such as requiring password resets, and that payment information was not affected. However, the complaint alleges that private customer information was stolen and could be used for “identity theft and fraudulent purchases,” among other things.

Because data breaches have become such a large problem, the Federal Trade Commission (FTC) and other groups have put out security guidelines and standards for companies to follow to secure their information. The complaint cites the FTC’s Protecting Personal Information: A Guide for Business as one example.

The FTC’s publication recommends, among other things, that businesses limit who can access sensitive data; require complex passwords to be used on networks; use industry-tested methods to ensure security and avoid hacking; monitor for suspicious activity on the network; ensure coding in software used by the business is secure; test systems for common security vulnerabilities and verify that third-party service providers have implemented reasonable security measures.”

The complaint alleges that Bonobos did not take adequate security precautions to protect its customers’ data.

According to the complaint, Bonobos “does not claim that it complies with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS … sets out measures that should be taken to ensure data security in relation to online financial transactions.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Bonobos Exposure of Customer Information Complaint

January 29, 2021

This class action brings suit because of yet another data breach. The complaint alleges that Bonobos, Inc. did not take adequate precautions to safeguard customer information and therefore bears responsibility for the exposure of data.

Bonobos Exposure of Customer Information Complaint

Case Event History

Bonobos Exposure of Customer Information Complaint

January 29, 2021

This class action brings suit because of yet another data breach. The complaint alleges that Bonobos, Inc. did not take adequate precautions to safeguard customer information and therefore bears responsibility for the exposure of data.

Bonobos Exposure of Customer Information Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy