Claire’s Website Malware Sent Customer Information Outside Class Action

This class action concerns another data breach, via the use of malware, bringing suit against Claire’s Stores, Inc., Claire’s Boutiques, Inc., and CBI Distributing Corp. In this case, the complaint also alleges the breach was neither discovered nor announced in a timely manner.

The Nationwide Class for this action is all individuals whose PII was compromised in the data breach announced by Claire’s on July 7, 2020. A Tennessee Subclass has also been defined, including all persons living in Tennessee whose PII was compromised in the data breach announced by Claire’s on July 7, 2020.

Claire’s sells inexpensive jewelry and accessories to girls and young women. It operates stores under the brand names Claire’s and Icing and also sells merchandise online.

The company’s website assures customers, “We take data privacy very seriously and work super hard to protect your personal information.” It also claimed to “use encryption to protect sensitive information transmitted online…”

The data breach apparently began around April 7, 2020 and continued until June 12, 2020. The hackers infected the website with malware, Claire’s says, that was capable of obtaining information entered by customers during the checkout process and sending it out of the Claire’s system.”

In this manner, they were able to obtain personally identifiable information (PII) on customers, including customers’ full names, addresses, telephone numbers, payment card numbers, CVV security codes, and expiration dates.

The complaint alleges that this PII “was compromised due to [Claire’s] negligent and/or careless acts and omissions and the failure to protect customers’ data. In addition to their failure to prevent the Data Breach, [Claire’s] failed to detect and report the breach for months.”

In fact, Claire’s did not discover the data breach at all. They investigated only after a third party contacted them on June 11. 2020 and told them that Claires.com and Icing.com had been hacked.

The outside security firm the company hired to investigate determined that the bricks-and-mortar locations’ systems were not involved. However, the complaint alleges that the company did not begin notifying customers until around July 7, three months after the breach had begun.

Thus, the complaint claims, Claire’s wronged its customer in three ways, by failing to “(i) adequately protect its users’ PII, (ii) warn users of its inadequate information security practices, and (iii) effectively monitor [its] websites and ecommerce platforms for security vulnerabilities and incidents. [Claire’s] conduct amounts to negligence and violates federal and state statutes.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Claire’s Website Malware Sent Customer Information Outside Complaint

September 18, 2020

This class action concerns another data breach, via the use of malware, bringing suit against Claire’s Stores, Inc., Claire’s Boutiques, Inc., and CBI Distributing Corp. In this case, the complaint also alleges the breach was neither discovered nor announced in a timely manner.

Claire’s Website Malware Sent Customer Information Outside Complaint

Case Event History

Claire’s Website Malware Sent Customer Information Outside Complaint

September 18, 2020

This class action concerns another data breach, via the use of malware, bringing suit against Claire’s Stores, Inc., Claire’s Boutiques, Inc., and CBI Distributing Corp. In this case, the complaint also alleges the breach was neither discovered nor announced in a timely manner.

Claire’s Website Malware Sent Customer Information Outside Complaint
Tags: Exposing Private Information, Exposure to cyber crime