Slickwraps Electronic “Skins” Data Breach Class Action

Slickwraps, Inc. touted itself as the “premier source for quality consumer electronics protection and accessories.” But it appears to have done less well with a different aspect of electronics—that is, security. The complaint for this class action holds the company responsible for its recent data breach, alleging that it knew it “had comically bad security…”

The National Class for this action is all persons whose PII was compromised in the data breach announced by Slickwraps around February 21, 2020. A California Subclass has also been proposed for those living in California.

The complaint alleges that this case “does not involve the typical data security incident.” It quotes from an article entitled “Slickwraps Apologizes to Customers After Comically Bad Data Breach” to claim the company knew it “had comically bad security, leaving it both wide open to breaches like this and flat-footed when it came to responding to any concerns brought to its attention.”

Slickwraps sells its vinyl skins—which may be pre-made and customized—through brick-and-mortar stores, e-commerce platforms, and its own website.

The complaint alleges, “To say that Slickwraps ‘suffered’ a data breach is, to put it mildly, being charitable. Slickwraps was well aware that it had lax data security measures and did absolutely nothing to prevent the very kind of cyber incident that occurred.” The data breach that occurred in February 2020, it says, revealed the information of around 858,000 customers, including names, physical addresses, phone numbers, purchase histories, and e-mail addresses.

According to the complaint, “on February 21, 2020, a cyber security analyst going by the name Lynx0x00 announced in a blog post that it had accessed the personal information of Slickwraps customers.” How? “Slickwraps’ phone case customization page had a vulnerability that allowed anyone to ‘upload any file to any location on the highest directory on their server.’” This allowed access to the company’s entire network. The available information included customer photos, administrative information, addresses, and so on.

The complaint claims that Lynx0x00 was “attempt[ing] to alert Slickwraps to the danger its lack of network security posed to the PII of its customers. However, Slickwraps repeatedly and brazenly ignored these warnings, twice blocking Lynx0x00 for reaching out and trying to report the vulnerability.”

After that, a second party accessed the PII of Slickwraps customers, then used the e-mail addresses of over 377,000 of them to tell them that their PII had been compromised. Some of these customers posted the e-mail to Twitter.

However, the complaint says that Slickwraps did not bother to notify customers that their information had been compromised until February 21, 2020. (Weirdly, it claimed that the discovery had been made on the following date, February 22.)

The complaint claims that Slickwraps failed to comply with Federal Trade Commission guidelines for protecting information. It alleges negligence, negligence per se, intrusion into private affairs, and breach of implied contract, among other things.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Slickwraps Electronic “Skins” Data Breach Complaint

March 12, 2020

Slickwraps, Inc. touted itself as the “premier source for quality consumer electronics protection and accessories.” But it appears to have done less well with a different aspect of electronics—that is, security. The complaint for this class action holds the company responsible for its recent data breach, alleging that it knew it “had comically bad security…”

Slickwraps Electronic “Skins” Data Breach Complaint

Case Event History

Slickwraps Electronic “Skins” Data Breach Complaint

March 12, 2020

Slickwraps, Inc. touted itself as the “premier source for quality consumer electronics protection and accessories.” But it appears to have done less well with a different aspect of electronics—that is, security. The complaint for this class action holds the company responsible for its recent data breach, alleging that it knew it “had comically bad security…”

Slickwraps Electronic “Skins” Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime