TrueFire Data Breach Subject of Class Action Lawsuit

TrueFire Data Breach Subject of Class Action Lawsuit

Class Action Filed On Behalf of TrueFire Customers Whose Information Was Compromised As A Result of TrueFire’s Alleged Failure to Adequately Protect Its Users’ PII

Kehoe Law Firm, P.C. is making consumers aware that on April 14, 2020, a class action lawsuit was filed in United States District Court, Middle District of Florida, against TrueFire, LLC and TrueFire, Inc. (collectively, “TrueFire”) “. . . on on behalf of all persons whose PII was compromised as a result of the [TrueFire] Defendants’ [alleged] failure to: (i) adequately protect their users’ PII; (ii) warn users of their inadequate information security practices; and (iii) effectively monitor TrueFire’s websites, apps, and ecommerce platforms for security vulnerabilities and incidents.” [Emphasis added.]

According to the complaint,

[o]n or about March 9, 2020, TrueFire began notifying customers and various state Attorneys General about a widespread data breach that occurred from August 3, 2019 to January 14, 2020. Hackers not only “scraped” many of TrueFire’s customers’ names from the website by infecting it with malware, they also stole customers’ addresses, payment card numbers, CVV security codes, and credit card expiration dates (“PII”) (the “Breach”). The criminals obtained everything they needed to illegally use TrueFire’s customers’ credit cards to make fraudulent purchases, and to steal the customers’ identities.

Not only did hackers skim TrueFire’s customers’ PII, on information and belief the stolen names and card information are now for sale on the dark web. That means the Breach worked. Hackers accessed and then offered for sale the unencrypted, unredacted stolen PII to criminals. Because of Defendants’ Breach, customers’ PII is still available on the dark web for criminals to access and abuse. TrueFire’s customers face a lifetime risk of identity theft.

This PII was compromised due to TrueFire’s negligent and/or careless acts and omissions and the failure to protect customers’ data. In addition to TrueFire’s failure to prevent the Breach, Defendants failed to detect the Breach for over five months, and when they did discover the Breach on January 10, 2020, it took them almost two more months to report the Breach to the affected customers on or about March 9, 2020.

The stolen PII has great value to hackers: It is likely that hundreds of thousands of music students—residents of most states—were affected by the Breach. For example, TrueFire filed data breach notices in California, Indiana, Illinois, Massachusetts and Montana, among others. [Emphasis added.]

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.