Bombas Data Breach Possibly Involving Customer Personal Information

Bombas Data Breach Possibly Involving Customer Personal Information

Malicious Code Designed To Scrape Credit Card Numbers And Other Personal Information May Have Been Present on Company’s E-Commerce Platform As Early As November 11, 2016

Kehoe Law Firm, P.C. is making consumers aware that Bombas LLC filed a “Notice of Data Breach” sample customer letter with the State of California Department of Justice, Office of the Attorney General, which stated, among other things, that Bombas, “. . . as part of a review of data security, . . . discovered that malicious code designed to scrape credit card numbers and other personal information may have been present as early as November 11, 2016 on [Bombas’] e-commerce platform.” 

Further, the data breach notification stated that “[o]n May 20, 2020, [Bombas] received an investigative report, which could not rule out the possibility that the malicious code could have successfully scraped customer information. The report also confirmed that a new security feature, which was added to [Bombas’] e-commerce platform on February 16, 2017, prevented the malicious code from functioning after that date. Accordingly, there is a window from November 11, 2016 to February 16, 2017 during which customer information potentially could have been exposed.”

Bombas, according to the notification, “. . . believe[s] that the malicious code could have enabled the attacker to acquire certain personal information belonging to customers who entered their payment card information in [Bombas’] online checkout process during the relevant period. The affected information may have included [customer] name, address, and payment card data.” [Emphasis added.]

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.