StockX Prepares to Defend Itself Against a Data-Breach Class-Action Lawsuit

StockX Prepares to Defend Itself Against a Data-Breach Class-Action Lawsuit

StockX, a sneaker resale website, is involved in another class-action lawsuit because of a security data breach that happened last year. In May of 2019, over 6.8 million user accounts were hacked, and their personal information was sold on the dark web to buyers for $300.

Buyers had access to real names, usernames and passwords, credit and debit card accounts, and shoe sizes.

StockX took a long time after the security breach to make an official announcement on the website. At the time, StockX was worth $1 Billion after an additional round of funding from the selling of series C stock funding, which garnered the company an extra $110 million in funds through GGV Capital.

On August 3, 2019, StockX finally posted a message about the third-party hack on their website. The hackers had accessed email addresses, shipping addresses, purchase history, and secret passwords. A trove of customer data was available to hackers.

Customer Notification

The company told its customers not to be too concerned. It had taken precautionary measures to update its systems after discovering the hack on July 26, 2019. Scott Cutler, the CEO of StockX, apologized to consumers through an email concerning the security breach.

In the letter that was emailed to customers, the CEO had acknowledged that the investigations were ongoing. On July 26, 2019, StockX was alerted to suspicious activity regarding customer data on its website. The company launched a full-scale investigation with third-party experts.

Through the investigation, the company decided to do a full username and password reset of all customer data as part of the security measures. Customers were notified about the system reset on August 1.

As part of the investigation, the company contacted forensic experts and law enforcement. The full scope and extent of the incident remained under investigation.

The CEO said that customers’ most sensitive data was not available to hackers — like their credit and debit card numbers. Customers went to Twitter to voice their concerns and frustration. Hackers had stolen customers’ credit card data and made fraudulent purchases through their accounts.

The Letter

Scott Cutler stated through his letter; it would be highly improbable that the hackers could readily access customers’ financial data. Financial data and credit card payments are not stored on the company’s network servers.

Instead, StockX uses a third-party processor to host, store, and process payments. There is not any evidence that the third-party processor was involved in the hacking incident.

Besides informing customers to reset their accounts, the company took the initiative to inform customers that some system-enhancing functions were already underway like:

  • System-wide security wipeout and updates

  • Rotations on all servers and devices

  • Closing and lockdown for cloud computing functions

StockX offered its customers free 12 months of identity theft and fraud protection, which included $1,000,000 of insurance reimbursement and CyberScan services.

The Class-Action Lawsuit

Customer plaintiffs have filed a class-action lawsuit in the Eastern District of Michigan since StockX company headquarters are in Detroit, Michigan. The plaintiffs allege that StockX failed to keep their information private by delving into deception.
Some of the plaintiffs include:

  • Johnny Sacasas

  • An unnamed minor

  • Chad Bolling

  • Richard Harrington

  • Anthony Giampetro

  • Adam Foote

  • Kwadwo Kissi

The plaintiffs are seeking monetary damages that the court deems proper. The hack happened in May 2019, and the plaintiffs did not receive notification until August 2019.

During that time, people made fraudulent sneaker purchases on their accounts, and their identities were stolen. The unnamed minor is the person who notified the company about the suspicious activity that was happening on the website.

Josh Luber

Josh Luber, a StockX co-founder, has decided to leave the company this week. He did make a statement about the data breach. Luber said that the company did not initially know about the hack.

However, the company did disclose details about the security breach as soon as the initial evidence was available — customers were to reset their accounts immediately. Josh Luber plans on starting another technology company in the future.

Lawsuit Dismissal

StockX said that the lawsuit is invalid and seeks to have it dismissed. Customers must agree to the terms of service upon account sign-up. They should seek mediation and arbitration before engaging in wide-scale class-action lawsuits. Customers waive their rights for a jury trial.

To have a valid claim, customers must opt-out of the terms of service and initiate individual lawsuits so that they can obtain proper relief. The plaintiffs petitioned the court on August 26 that arbitration legal proceedings be dismissed because they are unconscionable. StockX must file a response by September 30.

Other Featured Posts

Angry Students Sue University to Get Their Tuition Funds Back

COVID-19 has caused all sorts of changes, and one area where this is particularly evident is education. The majority of schools have switched to online education, and this is causing all sorts of frustrations for ...


Trump's Taxes Are In The Hands Of Prosecutors...So What?

In July 2020, the United States Supreme Court gave former President Donald Trump a devastating legal blow. In a 7-2 ruling, they refused to reverse a low court's decision to allow New York State prosecutors the ability...


Passengers File Class-Action Lawsuit Against Cruise Operator for COVID-19 Outbreak

Cruise ships have become an epicenter for the COVID-19 outbreak. Caught in close quarters with others as the virus was spreading, numerous passengers became ill and many eventually died. The p...


5 Reasons to Join a Class Action Lawsuit

Class action lawsuits are often talked about but rarely understood. People hear the term bandied about but really do not understand much about their benefits. There are numerous reasons why you would want to join a class action lawsui...