StockX Prepares to Defend Itself Against a Data-Breach Class-Action Lawsuit

StockX Prepares to Defend Itself Against a Data-Breach Class-Action Lawsuit

StockX, a sneaker resale website, is involved in another class-action lawsuit because of a security data breach that happened last year. In May of 2019, over 6.8 million user accounts were hacked, and their personal information was sold on the dark web to buyers for $300.

Buyers had access to real names, usernames and passwords, credit and debit card accounts, and shoe sizes.

StockX took a long time after the security breach to make an official announcement on the website. At the time, StockX was worth $1 Billion after an additional round of funding from the selling of series C stock funding, which garnered the company an extra $110 million in funds through GGV Capital.

On August 3, 2019, StockX finally posted a message about the third-party hack on their website. The hackers had accessed email addresses, shipping addresses, purchase history, and secret passwords. A trove of customer data was available to hackers.

Customer Notification

The company told its customers not to be too concerned. It had taken precautionary measures to update its systems after discovering the hack on July 26, 2019. Scott Cutler, the CEO of StockX, apologized to consumers through an email concerning the security breach.

In the letter that was emailed to customers, the CEO had acknowledged that the investigations were ongoing. On July 26, 2019, StockX was alerted to suspicious activity regarding customer data on its website. The company launched a full-scale investigation with third-party experts.

Through the investigation, the company decided to do a full username and password reset of all customer data as part of the security measures. Customers were notified about the system reset on August 1.

As part of the investigation, the company contacted forensic experts and law enforcement. The full scope and extent of the incident remained under investigation.

The CEO said that customers’ most sensitive data was not available to hackers — like their credit and debit card numbers. Customers went to Twitter to voice their concerns and frustration. Hackers had stolen customers’ credit card data and made fraudulent purchases through their accounts.

The Letter

Scott Cutler stated through his letter; it would be highly improbable that the hackers could readily access customers’ financial data. Financial data and credit card payments are not stored on the company’s network servers.

Instead, StockX uses a third-party processor to host, store, and process payments. There is not any evidence that the third-party processor was involved in the hacking incident.

Besides informing customers to reset their accounts, the company took the initiative to inform customers that some system-enhancing functions were already underway like:

  • System-wide security wipeout and updates

  • Rotations on all servers and devices

  • Closing and lockdown for cloud computing functions

StockX offered its customers free 12 months of identity theft and fraud protection, which included $1,000,000 of insurance reimbursement and CyberScan services.

The Class-Action Lawsuit

Customer plaintiffs have filed a class-action lawsuit in the Eastern District of Michigan since StockX company headquarters are in Detroit, Michigan. The plaintiffs allege that StockX failed to keep their information private by delving into deception.
Some of the plaintiffs include:

  • Johnny Sacasas

  • An unnamed minor

  • Chad Bolling

  • Richard Harrington

  • Anthony Giampetro

  • Adam Foote

  • Kwadwo Kissi

The plaintiffs are seeking monetary damages that the court deems proper. The hack happened in May 2019, and the plaintiffs did not receive notification until August 2019.

During that time, people made fraudulent sneaker purchases on their accounts, and their identities were stolen. The unnamed minor is the person who notified the company about the suspicious activity that was happening on the website.

Josh Luber

Josh Luber, a StockX co-founder, has decided to leave the company this week. He did make a statement about the data breach. Luber said that the company did not initially know about the hack.

However, the company did disclose details about the security breach as soon as the initial evidence was available — customers were to reset their accounts immediately. Josh Luber plans on starting another technology company in the future.

Lawsuit Dismissal

StockX said that the lawsuit is invalid and seeks to have it dismissed. Customers must agree to the terms of service upon account sign-up. They should seek mediation and arbitration before engaging in wide-scale class-action lawsuits. Customers waive their rights for a jury trial.

To have a valid claim, customers must opt-out of the terms of service and initiate individual lawsuits so that they can obtain proper relief. The plaintiffs petitioned the court on August 26 that arbitration legal proceedings be dismissed because they are unconscionable. StockX must file a response by September 30.

How to Boost Credit Score to Get Lower Car Payments...

One of the biggest challenges for a person who has low income is getting a low car payment. The individual may have a credit score that isn't in the gutter, but the top lenders still won't touch him. The subprime lenders ...


Billions of Assets Go Unclaimed Each Year!...

If you have ever moved, changed jobs, filed a tax return, or had a relative pass away; there’s a good chance you have unclaimed assets. Unclaimed money consists of billions of dollars that have been abandoned at financial ...


Settlement Opportunities For You and Your Family...

If you have been injured by any of the following products, you may be entitled to compensation for your suffering. Each of the instances below allow for a free case evaluation: 1. Injury Settlements People get injured eve...


4 Tips for Holiday Wellness...

We generally turn around and focus on our wellness after New Year's as part of our annual resolutions. However, first we have to make it through the holidays. When our minds are so distracted with shopping and other holiday-related matters, we g...