StockX Prepares to Defend Itself Against a Data-Breach Class-Action Lawsuit



StockX Prepares to Defend Itself Against a Data-Breach Class-Action Lawsuit



StockX, a sneaker resale website, is involved in another class-action lawsuit because of a security data breach that happened last year. In May of 2019, over 6.8 million user accounts were hacked, and their personal information was sold on the dark web to buyers for $300.

Buyers had access to real names, usernames and passwords, credit and debit card accounts, and shoe sizes.

StockX took a long time after the security breach to make an official announcement on the website. At the time, StockX was worth $1 Billion after an additional round of funding from the selling of series C stock funding, which garnered the company an extra $110 million in funds through GGV Capital.

On August 3, 2019, StockX finally posted a message about the third-party hack on their website. The hackers had accessed email addresses, shipping addresses, purchase history, and secret passwords. A trove of customer data was available to hackers.

Customer Notification


The company told its customers not to be too concerned. It had taken precautionary measures to update its systems after discovering the hack on July 26, 2019. Scott Cutler, the CEO of StockX, apologized to consumers through an email concerning the security breach.

In the letter that was emailed to customers, the CEO had acknowledged that the investigations were ongoing. On July 26, 2019, StockX was alerted to suspicious activity regarding customer data on its website. The company launched a full-scale investigation with third-party experts.

Through the investigation, the company decided to do a full username and password reset of all customer data as part of the security measures. Customers were notified about the system reset on August 1.

As part of the investigation, the company contacted forensic experts and law enforcement. The full scope and extent of the incident remained under investigation.

The CEO said that customers’ most sensitive data was not available to hackers — like their credit and debit card numbers. Customers went to Twitter to voice their concerns and frustration. Hackers had stolen customers’ credit card data and made fraudulent purchases through their accounts.

The Letter


Scott Cutler stated through his letter; it would be highly improbable that the hackers could readily access customers’ financial data. Financial data and credit card payments are not stored on the company’s network servers.

Instead, StockX uses a third-party processor to host, store, and process payments. There is not any evidence that the third-party processor was involved in the hacking incident.

Besides informing customers to reset their accounts, the company took the initiative to inform customers that some system-enhancing functions were already underway like:


  • System-wide security wipeout and updates

  • Rotations on all servers and devices

  • Closing and lockdown for cloud computing functions



StockX offered its customers free 12 months of identity theft and fraud protection, which included $1,000,000 of insurance reimbursement and CyberScan services.

The Class-Action Lawsuit


Customer plaintiffs have filed a class-action lawsuit in the Eastern District of Michigan since StockX company headquarters are in Detroit, Michigan. The plaintiffs allege that StockX failed to keep their information private by delving into deception.
Some of the plaintiffs include:


  • Johnny Sacasas

  • An unnamed minor

  • Chad Bolling

  • Richard Harrington

  • Anthony Giampetro

  • Adam Foote

  • Kwadwo Kissi



The plaintiffs are seeking monetary damages that the court deems proper. The hack happened in May 2019, and the plaintiffs did not receive notification until August 2019.

During that time, people made fraudulent sneaker purchases on their accounts, and their identities were stolen. The unnamed minor is the person who notified the company about the suspicious activity that was happening on the website.

Josh Luber


Josh Luber, a StockX co-founder, has decided to leave the company this week. He did make a statement about the data breach. Luber said that the company did not initially know about the hack.

However, the company did disclose details about the security breach as soon as the initial evidence was available — customers were to reset their accounts immediately. Josh Luber plans on starting another technology company in the future.

Lawsuit Dismissal


StockX said that the lawsuit is invalid and seeks to have it dismissed. Customers must agree to the terms of service upon account sign-up. They should seek mediation and arbitration before engaging in wide-scale class-action lawsuits. Customers waive their rights for a jury trial.

To have a valid claim, customers must opt-out of the terms of service and initiate individual lawsuits so that they can obtain proper relief. The plaintiffs petitioned the court on August 26 that arbitration legal proceedings be dismissed because they are unconscionable. StockX must file a response by September 30.





Other Featured Posts


A Famous Country Music Group Sues a Seattle Blued Singer over a Band Name

Exactly who has the right to use the performing name "Lady A" is at issue in a lawsuit filed by one of the most well-known country music acts in the world. The group formerly known as Lady Antebellum h...

READ MORE

Did You Take an ACT College Admission Test? There Could Be Money Awaiting!

Anyone who's had to take a college admissions test knows how stressful and nervewracking it can be. Whether it's within a state that predominantly uses the SAT or one that uses the ACT, it's a proces...

READ MORE

The Diocese of New Orleans Files for Bankruptcy in the Middle of Litigation

As states pass laws to give victims of sexual abuse more time to file their lawsuits, the Catholic Church faces crushing legal liability. Many dioceses are suddenly the defendant in dozens of sexual ...

READ MORE

Finding Your Unclaimed Assets Just Became a Whole Lot Easier

With billions lost per year due to unclaimed assets, governments and organizations have been silently profiting since the dawn of society. With more in need of money than any other time in recorded American history...

READ MORE