Law(s)
State(s)
New York
PokerStars faces a proposed class action over a May 2023 data breach in which the personal information of roughly 110,000 people was stolen amid the cyberattack on the MOVEit file transfer service.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here .
The 15-page lawsuit says that around May 30, 2023, an “intruder” accessed PokerStars’ database and exfiltrated consumers’ names, dates of birth, home addresses, phone numbers, Social Security numbers and email addresses. The suit accuses the online poker platform of disregarding consumers’ privacy rights by negligently failing to implement adequate and reasonable measures to safeguard their personal information from unauthorized access, among other shortcomings. “Prior to the Data Breach Incident, on information and belief, Defendant did not (i) encrypt or tokenize the sensitive [personally identifiable information] of Plaintiff and the Class members , (ii) delete such [personally identifiable information] that it no longer had reason to maintain, (iii) eliminate the potential accessibility of the [personally identifiable information] from the internet and its website where such accessibility was not justified, and (iv) otherwise review and improve the security of its network system that contained the [personally identifiable information].” Media reports and the defendant’s own data breach notice indicate that the PokerStars data breach came amid the international cyberattack on the MOVEit file transfer service , which affected a litany of companies, including healthcare organizations. The company’s notice to consumers states that it is offering 24 months of complimentary Experian IdentityWorks identity theft protection.
According to the lawsuit, PokerStars did not begin to notify data breach victims that their information had been compromised until July 20. In its disclosure, PokerStars attempted to minimize the data breach, despite admitting that sensitive information had been compromised, the filing says.
“Contrary to the self-serving narrative in Defendant’s form notice, Plaintiff’s and Class members’ unencrypted information may end up for sale on the dark web and/or fall into the hands of companies that will use the detailed [personal information] for targeted marketing without the [sic] approval,” the case says.
The filing stresses that […]
Click here to view original web page at www.classaction.org
