Walmart sued under the California Consumer Privacy Act (CCPA), may be made to pay $750 to every customer who was affected by the breach
Top United States retail giant Walmart has been slapped with a lawsuit under the California Consumer Privacy Act (CCPA). In the lawsuit, Walmart is accused of causing “significant damage” to its customers after a data breach suffered by the company, although Walmart claims that such an incident never occurred.
The plaintiffs state that an unidentified group of hackers managed to access Walmart’s official website and exfiltrate customer data. The lawsuit has been filed U.S. District Court for Northern California. The lawsuit does not specify when the incident referred to occurred or the amount required by the plaintiffs.
The lawsuit says that as a result of Walmart’s data breach, customer names, financial and other information was stolen. “As a result of defendants’ wrongful actions and inactions, customer information was stolen. Many customers of Walmart have had their PII compromised, have had their privacy rights violated, have been exposed to the risk of fraud and identity theft, and have otherwise suffered damages,” the suit alleges.
“Further, despite the fact that the accounts are available for sale on the dark web, and Walmart’s website contains multiple severe vulnerabilities through which the data was obtained, Walmart has failed whatsoever to notify its customers that their data has been stolen,” the lawsuit adds.
Walmart denied the accusations and summarily rejected the lawsuit. As per the Bloomberg report, Walmart says that the data breach never happened and will argue against the claims in court. A spokesperson told Bloomberg: “Protecting our customers’ data is a top priority and something we take very seriously. “We dispute the plaintiff’s allegations that the failure of our systems played any role in the public disclosure of his personally identifiable information,” Walmart spokesperson told Bloomberg.
If the lawsuit is successful, Walmart will have to $750 to each and every person affected by the alleged data breach as per the CCPA law which came into force from July 1, 2020. Other tech firms sued under CCPA are Salesforce, Clearview AI, and Minted