[BreachExchange] Sprouts Data Breach Class Action Lawsuits Consolidated in Arizona

Audrey McNeil audrey at riskbasedsecurity.com
Tue Oct 11 19:38:22 EDT 2016


https://topclassactions.com/lawsuit-settlements/lawsuit-
news/346589-sprouts-data-breach-class-action-lawsuits-consolidated-arizona/

A group of class action lawsuits alleging that Sprouts, a natural foods
store chain, released W-2 information about its employees as part of a
phishing scam were consolidated by the Judicial Panel on Multidistrict
Litigation.

According to the class actions, a Sprouts payroll employee received an
email believed to be from a senior executive of the company allegedly
asking for the 2015 W-2 statements from all company employees.

The payroll employee allegedly compiled the requested information and
reportedly sent it off in an email before the company realized that the
email was actually a phishing scam.

According to the class actions, 21,000 employees’ W-2s from 2015 were
released to an unknown party.

The complaints allege that Sprouts exposed workers to potential identity
theft and compromised their personal information.

Three class actions were filed in California and fourth in Arizona after
the alleged data breach.

The JPML determined that Arizona would be the most convenient state to hear
the consolidated class action since Sprouts’ corporate office is located in
Phoenix.

“Sprouts is headquartered in this district, and the witnesses and documents
relevant to the facts of this litigation are located there,” said the panel
in their decision. Sprouts also supported hearing the case in Arizona.

According to a class action lawsuit filed by plaintiff Julio Hernandez,
Sprouts employees’ “private tax information and Social Security numbers
were compromised, placing them at an increased risk of fraud and identity
theft and causing direct financial expenses associated with
credit-monitoring, replacement of compromised credit, debit and bank card
numbers, and other measures needed to protect against the misuse of their
private tax information.”

Sprouts offered its employees one year of credit monitoring, but the
plaintiffs claimed that this won’t be enough to protect them from identity
theft.

Hernandez alleged that he had to pay for identity theft protection, since
credit monitoring by itself is allegedly inadequate given the circumstances.

Sprouts is a natural foods grocery store with 220 locations around the
country.

The class action plaintiffs allege that Sprouts did not provide adequate
measures to secure employees’ private information and the data breach was a
result of negligence.

The plaintiffs further claim that Sprouts should have maintained a system
that would recognize phishing scams like the one that exposed 21,000
employees’ W-2 forms.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161011/9b7527e3/attachment.html>


More information about the BreachExchange mailing list