Zynga Exposure of Users’ PII Class Action

Zynga, Inc. had approximately 173 million separate accounts on the date of its recent data breach, September 12, 2019. The complaint for this class action claims that it’s bringing suit against the company “to secure redress against Zynga for their reckless and negligent violations of customer privacy rights” in connection with the data breach.

The class for this action is all persons living in the US, including in the District of Columbia, whose PII was disclosed in the Zynga data breach.

Zynga offers games to customers on mobile and social networking platforms, including Words with Friends, Farmville, and Zynga Poker. Most of the games are free, with Zynga earning profits through in-app advertising and purchases and, the complaint says, “by collecting its users’ PII” or personally identifiable information.

Before users can download games, they must create accounts for themselves with their full names, e-mail addresses, and genders. Alternatively, they can link their Zynga accounts with their Facebook accounts. According to the complaint, “Zynga collects and retains its users’ full names, passwords, password reset tokens, phone numbers, Facebook IDs, and Zynga account IDs. In the event that a consumer makes an in-app purchase and provides financial information to Zynga, Zynga retains that information as well.”

The complaint quotes Zynga’s privacy policy as saying that the company will “implement reasonable and appropriate security measures to help protect the security of your information both online and offline and to ensure that your data is treated securely.”

On or before the date in question, September 12, 2019, a hacker called Gnosticplayers was able to gain access to Zynga’s data. Gnosticplayers was able to obtain information for 173 accounts for users of Words with Friends.

According to the complaint, Zynga did not send victims e-mails or other messages notifying them of the data breach; instead, it says, “Zynga only posted a ‘Player Security Announcement’ to its website on September 12, 2019, stating that ‘certain player account information may have been illegally accessed by outside hackers.’”

The complaint claims that it’s likely that “only a minority of Zynga’s users know that their PII has been illegally accessed by hackers. There is simply no reason for a user to access the Zynga website when using a mobile application, and so most Zynga users never come across this ‘Player Security Announcement.’” It is therefore likely, the complaint says, that most users will only find out about the data breach if they visit the website using a browser or notice instances of fraud or identity theft: “By then, it is too late to take protective measures.”

The complaint alleges that the information was poorly protected, with inadequate encryption. The counts include breaches of contract and negligence, among other things.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Zynga Exposure of Users’ PII Complaint

June 9, 2020

Zynga, Inc. had approximately 173 million separate accounts on the date of its recent data breach, September 12, 2019. The complaint for this class action claims that it’s bringing suit against the company “to secure redress against Zynga for their reckless and negligent violations of customer privacy rights” in connection with the data breach.

Zynga Exposure of Users’ PII Complaint

Case Event History

Zynga Exposure of Users’ PII Complaint

June 9, 2020

Zynga, Inc. had approximately 173 million separate accounts on the date of its recent data breach, September 12, 2019. The complaint for this class action claims that it’s bringing suit against the company “to secure redress against Zynga for their reckless and negligent violations of customer privacy rights” in connection with the data breach.

Zynga Exposure of Users’ PII Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy