Online Marketplacace Minted Facing CCPA Breach-related Class Action Lawsuit

by | Jun 16, 2020

Due to an alleged failure to put in place appropriate security measures to safeguard protect personal information, online design marketplace Minted Inc. is facing a class action lawsuit for breaching the California Consumers’ Privacy Act.

The proposed class action lawsuit was filed in San Francisco federal court last Thursday (June 11, 2020), and follows the company making public, during May, that unauthorized individuals had obtained access to the names and account login details of clients. The action was submitted, on behalf of the plaintiffs whose personal information was compromised in the breach, sued under the California Consumer Privacy Act.

It is thought that the personal data of approximately five million Minted users’ was stolen in the breach. Minted allows customers to place use orders for art, holiday cards, and wedding invitations using community-created graphic designs. On the same day that the breach occurred hacking group, Shiny Hunters, released a claim stating that they had stolen the private data of five million user accounts. They made the data available for a price of $2,500  on an underground forum.

In the breach notification published on the Minted.com website, it was revealed that the range of stolen information incorporated customer names and login credentials, specifically email addresses and hashed and salted passwords along with telephone numbers, billing addresses, shipping addresses, and birth dates, may have also been impacted.

In the filing the two plaintiffs, Melissa Atkinson and Katie Renvall, claimed that the group failed in its duty under CCPA legislation to properly safeguard personally identifiable information. It was claimed that the company could have avoided this breach occurring if it had invested in adequate security measures.

CCPA laws are applicable to companies that have gross annual revenues in excess of $25 million, companies sharing the data of more than 50,000 clients, or companies that earn 50% or more of their revenues from trading protected personal data, which for purposes of the law has a vague definition. Due to this businesses must share their data collection and sharing practices and allow consumers to delete their personal information if they so wish. Along with this, consumers must also be given the chance to opt-out of the sale of their data.

CCPA penalties are $2,500 for each unintentional violation or $7,500 for each intentional violation after notice and a 30-day opportunity to address the issue. Penalties sought under a private right of action range from $100 to $750 per violation.

 

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy