Malicious Code Designed To Scrape Credit Card Numbers And Other Personal Information May Have Been Present on Company’s E-Commerce Platform As Early As November 11, 2016

Kehoe Law Firm, P.C. is making consumers aware that Bombas LLC filed a “Notice of Data Breach” sample customer letter with the State of California Department of Justice, Office of the Attorney General, which stated, among other things, that Bombas, “. . . as part of a review of data security, . . . discovered that malicious code designed to scrape credit card numbers and other personal information may have been present as early as November 11, 2016 on [Bombas’] e-commerce platform.” 

Further, the data breach notification stated that “[o]n May 20, 2020, [Bombas] received an investigative report, which could not rule out the possibility that the malicious code could have successfully scraped customer information. The report also confirmed that a new security feature, which was added to [Bombas’] e-commerce platform on February 16, 2017, prevented the malicious code from functioning after that date. Accordingly, there is a window from November 11, 2016 to February 16, 2017 during which customer information potentially could have been exposed.”

Bombas, according to the notification, “. . . believe[s] that the malicious code could have enabled the attacker to acquire certain personal information belonging to customers who entered their payment card information in [Bombas’] online checkout process during the relevant period. The affected information may have included [customer] name, address, and payment card data.” [Emphasis added.]

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.