J.Crew Group, Inc. “Notice of Data Breach” Discloses Security Issue Related To www.jcrew.com Customer Accounts – E-Mail Addresses and Passwords Obtained by Unauthorized Party to Log Into jcrew.com Accounts

Kehoe Law Firm, P.C. is making consumers aware that in a “Notification of Data Breach” submitted by J.Crew Group, Inc. to the California Attorney General, J.Crew Group advised “. . . about a security issue related to . . . www.jcrew.com customer account[s].”

According to the “Notification of Data Breach,” “[t]hrough routine and proactive web scanning, [J.Crew Group] recently discovered information related to [one’s] jcrew.com account. Based on [J. Crew Group’s] review, [J.Crew Group] believe[s] [one’s] email address (used as [one’s] jcrew.com username) and password were obtained by an unauthorized party and in or around April 2019 used to log into [one’s] jcrew.com account.”

Further, according to the data breach notification, “[t]he information that would have been accessible in [one’s] jcrew.com account includes the last four digits of credit card numbers [one has] stored in [one’s] account, the expiration dates, card types, and billing addresses connected to those cards, and order numbers, shipping confirmation numbers, and shipment status of those orders.” [Emphasis added.]

Fastcompany.com reported (“If you shop at J.Crew, your sensitive personal info may have been stolen“) that “[i]t’s not clear why it took the American clothing brand nearly a year to disclose the hack.”

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.