Inadequately secured information
Sonic acknowledges that it experienced a data breach that exposed the PII, credit card numbers, and other information of approximately five million customers that could allow criminals to make fraudulent charges to their accounts. The complaint for this class action alleges that it was Sonic’s negligence that enabled the data breach. Other chains, such as Wendy’s and Chipotle, have experienced data breaches recently which the complaint alleges should have put Sonic on notice. However, the complaint alleges, the system Sonic was using was in fact thirty years old, and while the company was working to update it, some locations were still on the old system.
Shorter University is settling a class action alleging that the personally identifiable information (PII) and protected health information (PHI) of certain current and former students was stolen or exposed because of a September 2014 theft of documents at the Winthrop-King Centre on Shorter’s campus.
Tempur Sealy sells its products to consumers through the Tempurpedic.com website. Until October 2016, its website and online payment system was handled through Aptos, a company that provides what the complaint calls “retail enterprise management solutions,” such as point of sale, analytics, and order management. According to the complaint, in February 2016, someone breached Aptos’s systems and installed malware to capture payment card and other information for forty online retailers, including Tempur Sealy. The complaint claims that not only should the information not have been obtainable, but that Aptos and Tempur Sealy were both remiss in not informing customers immediately.
According to the complaint, Deep Root collected PII on nearly 200 million Americans, including their names, addresses, e-mail addresses, dates of birth, browsing history, and voter ID numbers. The information allegedly included sensitive information analyzing where voters stood on controversial issues such as gun control and abortion, as well as information the RNC had had collected by other data analytics contractors from the 2008 and 2012 elections.
The complaint for this class action alleges when hackers accessed the point-of-sale systems at Chipotle locations throughout the US, customers and victims didn’t hear anything about the data theft for a month.