StockX Prepares to Defend Itself Against a Data-Breach Class-Action Lawsuit

StockX Prepares to Defend Itself Against a Data-Breach Class-Action Lawsuit

StockX, a sneaker resale website, is involved in another class-action lawsuit because of a security data breach that happened last year. In May of 2019, over 6.8 million user accounts were hacked, and their personal information was sold on the dark web to buyers for $300.

Buyers had access to real names, usernames and passwords, credit and debit card accounts, and shoe sizes.

StockX took a long time after the security breach to make an official announcement on the website. At the time, StockX was worth $1 Billion after an additional round of funding from the selling of series C stock funding, which garnered the company an extra $110 million in funds through GGV Capital.

On August 3, 2019, StockX finally posted a message about the third-party hack on their website. The hackers had accessed email addresses, shipping addresses, purchase history, and secret passwords. A trove of customer data was available to hackers.

Customer Notification

The company told its customers not to be too concerned. It had taken precautionary measures to update its systems after discovering the hack on July 26, 2019. Scott Cutler, the CEO of StockX, apologized to consumers through an email concerning the security breach.

In the letter that was emailed to customers, the CEO had acknowledged that the investigations were ongoing. On July 26, 2019, StockX was alerted to suspicious activity regarding customer data on its website. The company launched a full-scale investigation with third-party experts.

Through the investigation, the company decided to do a full username and password reset of all customer data as part of the security measures. Customers were notified about the system reset on August 1.

As part of the investigation, the company contacted forensic experts and law enforcement. The full scope and extent of the incident remained under investigation.

The CEO said that customers’ most sensitive data was not available to hackers — like their credit and debit card numbers. Customers went to Twitter to voice their concerns and frustration. Hackers had stolen customers’ credit card data and made fraudulent purchases through their accounts.

The Letter

Scott Cutler stated through his letter; it would be highly improbable that the hackers could readily access customers’ financial data. Financial data and credit card payments are not stored on the company’s network servers.

Instead, StockX uses a third-party processor to host, store, and process payments. There is not any evidence that the third-party processor was involved in the hacking incident.

Besides informing customers to reset their accounts, the company took the initiative to inform customers that some system-enhancing functions were already underway like:

  • System-wide security wipeout and updates

  • Rotations on all servers and devices

  • Closing and lockdown for cloud computing functions

StockX offered its customers free 12 months of identity theft and fraud protection, which included $1,000,000 of insurance reimbursement and CyberScan services.

The Class-Action Lawsuit

Customer plaintiffs have filed a class-action lawsuit in the Eastern District of Michigan since StockX company headquarters are in Detroit, Michigan. The plaintiffs allege that StockX failed to keep their information private by delving into deception.
Some of the plaintiffs include:

  • Johnny Sacasas

  • An unnamed minor

  • Chad Bolling

  • Richard Harrington

  • Anthony Giampetro

  • Adam Foote

  • Kwadwo Kissi

The plaintiffs are seeking monetary damages that the court deems proper. The hack happened in May 2019, and the plaintiffs did not receive notification until August 2019.

During that time, people made fraudulent sneaker purchases on their accounts, and their identities were stolen. The unnamed minor is the person who notified the company about the suspicious activity that was happening on the website.

Josh Luber

Josh Luber, a StockX co-founder, has decided to leave the company this week. He did make a statement about the data breach. Luber said that the company did not initially know about the hack.

However, the company did disclose details about the security breach as soon as the initial evidence was available — customers were to reset their accounts immediately. Josh Luber plans on starting another technology company in the future.

Lawsuit Dismissal

StockX said that the lawsuit is invalid and seeks to have it dismissed. Customers must agree to the terms of service upon account sign-up. They should seek mediation and arbitration before engaging in wide-scale class-action lawsuits. Customers waive their rights for a jury trial.

To have a valid claim, customers must opt-out of the terms of service and initiate individual lawsuits so that they can obtain proper relief. The plaintiffs petitioned the court on August 26 that arbitration legal proceedings be dismissed because they are unconscionable. StockX must file a response by September 30.

Other Featured Posts

Fired Bloomberg Staffers File a Class-Action Lawsuit Against the Billionaire

One of the more unusual political developments in American history was the brief rise and fall of Michael Bloomberg. The billionaire showered hundreds of millions of dollars in his attempt to win th...


Catastrophic Wildfires Spark Class-Action Lawsuits Against Pacific Corporation

Labor Day catastrophic fires have raged out of control in Oregon. The plaintiffs, Robin Colbert and Jeanyne James, have filed a class-action lawsuit in the Multnomah County Circuit Court. They lo...


Future Criminal Cases May Be Heavily Affected by This Change to Riot Law

One of the biggest questions in law is what constitutes a crime. Does a person break the law the second they start planning a violent act or do they only break the law when they actually commit the act?...


Google Is Getting Set to Be Sued Once Again By States for Alleged Antitrust Violations

It seems these days as if Big Tech is hurtling from one lawsuit to the next as shareholders have begun to worry about their continued survival in light of the mounting legal worries. State...