[BreachExchange] Walmart Faces Data-Breach Suit Under California Privacy Law (1)

[Destry Winant]

https://news.bloomberglaw.com/privacy-and-data-security/walmart-faces-data-breach-suit-under-californias-privacy-law

Walmart Inc. is accused in a proposed class action of violating
California’s privacy law by failing to protect customer data from an
alleged hack.

Customers face “significant injuries and damages,” such as having
their data on the dark web, as a result of a breach the complaint says
occurred, according to the suit filed in the U.S. District Court for
the Northern District of California.

California’s privacy law, which took effect Jan. 1, increases the risk
of payouts following security breaches because it added a private
right to sue and statutory damages of up to $750 per customer, per
incident.

Walmart joins dozens of companies sued under the law since it took
effect. Others include Salesforce.com Inc., Clearview AI Inc., Minted
Inc., and Sunshine Behavioral Health Group LLC.

Hackers allegedly accessed Walmart’s website to obtain names,
addresses, financial data, and other information, according to the
July 10 complaint, which didn’t specify when such an incident
occurred.

“The fact that Walmart’s systems are quite vulnerable to a hack
evidences that Walmart was hacked,” the plaintiff, Lavarious Gardiner,
wrote.

Plaintiffs in data breach cases must show harm to beat early
challenges to their claims. Gardiner wrote that the breach forced him
to incur out-of-pocket expenses and spend time and effort to limit
identity theft risks, according to the complaint.

Causes of Action: Violation of the California Consumer Privacy Act;
violation of the California Unfair Competition Law; negligence; breach
of implied contract; and breach of contract

Relief: Compensatory damages; order requiring reasonable security
practices; court costs; and attorneys’ fees

Potential Class Size: “At least in the thousands,” according to the complaint

Response: “Protecting our customers’ data is a top priority and
something we take very seriously,” a Walmart representative said in an
emailed statement. “We dispute the plaintiff’s allegations that the
failure of our systems played any role in the public disclosure of his
personally identifiable information.”

Walmart intends “to defend the company against the claims and will
respond as appropriate with the court,” according to the statement.

Attorneys: Wilshire Law Firm represents Gardiner. Counsel for Walmart
couldn’t be immediately identified.