StockX Prepares to Defend Itself Against a Data-Breach Class-Action Lawsuit

Mary Singleton
Published Nov 13, 2023

StockX, a sneaker resale website, is involved in another class-action lawsuit because of a security data breach that happened last year. In May of 2019, over 6.8 million user accounts were hacked, and their personal information was sold on the dark web to buyers for $300.

Buyers had access to real names, usernames and passwords, credit and debit card accounts, and shoe sizes.

StockX took a long time after the security breach to make an official announcement on the website. At the time, StockX was worth $1 Billion after an additional round of funding from the selling of series C stock funding, which garnered the company an extra $110 million in funds through GGV Capital.

On August 3, 2019, StockX finally posted a message about the third-party hack on their website. The hackers had accessed email addresses, shipping addresses, purchase history, and secret passwords. A trove of customer data was available to hackers.
 

Customer Notification


The company told its customers not to be too concerned. It had taken precautionary measures to update its systems after discovering the hack on July 26, 2019. Scott Cutler, the CEO of StockX, apologized to consumers through an email concerning the security breach.

In the letter that was emailed to customers, the CEO had acknowledged that the investigations were ongoing. On July 26, 2019, StockX was alerted to suspicious activity regarding customer data on its website. The company launched a full-scale investigation with third-party experts.

Through the investigation, the company decided to do a full username and password reset of all customer data as part of the security measures. Customers were notified about the system reset on August 1.

As part of the investigation, the company contacted forensic experts and law enforcement. The full scope and extent of the incident remained under investigation.

The CEO said that customers' most sensitive data was not available to hackers - like their credit and debit card numbers. Customers went to Twitter to voice their concerns and frustration. Hackers had stolen customers' credit card data and made fraudulent purchases through their accounts.
 

The Letter


Scott Cutler stated through his letter; it would be highly improbable that the hackers could readily access customers' financial data. Financial data and credit card payments are not stored on the company's network servers.

Instead, StockX uses a third-party processor to host, store, and process payments. There is not any evidence that the third-party processor was involved in the hacking incident.

Besides informing customers to reset their accounts, the company took the initiative to inform customers that some system-enhancing functions were already underway like:
 

  • System-wide security wipeout and updates

  • Rotations on all servers and devices

  • Closing and lockdown for cloud computing functions





  •  


StockX offered its customers free 12 months of identity theft and fraud protection, which included $1,000,000 of insurance reimbursement and CyberScan services.
 

The Class-Action Lawsuit


Customer plaintiffs have filed a class-action lawsuit in the Eastern District of Michigan since StockX company headquarters are in Detroit, Michigan. The plaintiffs allege that StockX failed to keep their information private by delving into deception.
Some of the plaintiffs include:
 

  • Johnny Sacasas

  • An unnamed minor

  • Chad Bolling

  • Richard Harrington

  • Anthony Giampetro

  • Adam Foote

  • Kwadwo Kissi





  •  


The plaintiffs are seeking monetary damages that the court deems proper. The hack happened in May 2019, and the plaintiffs did not receive notification until August 2019.

During that time, people made fraudulent sneaker purchases on their accounts, and their identities were stolen. The unnamed minor is the person who notified the company about the suspicious activity that was happening on the website.
 

Josh Luber


Josh Luber, a StockX co-founder, has decided to leave the company this week. He did make a statement about the data breach. Luber said that the company did not initially know about the hack.

However, the company did disclose details about the security breach as soon as the initial evidence was available - customers were to reset their accounts immediately. Josh Luber plans on starting another technology company in the future.
 

Lawsuit Dismissal


StockX said that the lawsuit is invalid and seeks to have it dismissed. Customers must agree to the terms of service upon account sign-up. They should seek mediation and arbitration before engaging in wide-scale class-action lawsuits. Customers waive their rights for a jury trial.

To have a valid claim, customers must opt-out of the terms of service and initiate individual lawsuits so that they can obtain proper relief. The plaintiffs petitioned the court on August 26 that arbitration legal proceedings be dismissed because they are unconscionable. StockX must file a response by September 30.
 

Related Articles

Billions of Assets Go Unclaimed Each Year!...

If you have ever moved, changed jobs, filed a tax return, or had a relative pass away; there's a good chance you have unclaimed assets. Unclaimed money consists of billions of dollars that have been abandoned at financia...

How to Get Your Forgotten or Lost Money without Breaking the Bank...

Everyone knows that feeling of frantically searching for something you know you had just a second ago. You look in all the usual places, but you give up, resigned to the fact that you'll never see...

Everything You Need to Know about Finding Unclaimed Funds...

There is a good chance that you have money waiting for you, and you don't even know it exists. The money is called unclaimed funds, and it's sitting there waiting for you to claim. However, finding...

Discover Your Hidden Treasure: Reclaiming Lost Funds in Alaska...

Alaska’s Unclaimed Property Law requires financial institutions, insurance companies, corporations, businesses, and certain other entities to report and submit their customers’ property to the...

Unclaimed Property May be the Ultimate in Unclaimed Funds...

More and more people are exploring the world of unclaimed funds, hoping that a quick search online will lead them to some money in their name somewhere. What many of these folks don't realize is unclaimed fund...

How to Tell Whether an Unclaimed Asset Site is Legitimate or Not...

The unclaimed asset industry is a huge industry with tens of billions of dollars up for grabs. Naturally, this attracts scammers. Among them, there are two main types. The first steals your information...