News

|

Feeds

|

Email

SAN FRANCISCO, June 16, 2020 /PRNewswire-PRWeb/ -- Customers whose private information was stolen by hackers in a massive data breach by a group called the Shiny Hunters have filed a class action lawsuit against Minted Inc., an online marketplace for crowdsourced home goods, art and stationery.

The complaint against the San Francisco-based company was filed on June 11, 2020, by San Diego-based law firm MoginRubin LLP in the U.S. District Court for the Northern District of California. The suit, one of the first California Consumer Privacy Act cases filed in federal court, alleges that Minted violated the CCPA when it failed to implement and maintain reasonable security procedures and practices, and ultimately exposed the data of millions of its customers.

The Shiny Hunters hacking group obtained customers' personally identifiable information from Minted's user database on May 6, 2020, and later attempted to sell 5 million of the records. Minted allegedly "became aware of a report that mentioned Minted as one of 10 companies impacted by a potential cybersecurity incident" on May 15, 2020, according to a notice to the company's customers. Affected customers were not notified that PII including names, email addresses, scrambled passwords, phone numbers and shipping addresses, had been disclosed to unauthorized and malicious third parties until May 28, 2020. Minted asserted that it had "no reason to believe that...payment or credit card information, address book information, photos or personalized information" were stolen, but has not confirmed that is the case, nor justified its reasoning for that belief.

The consumers are represented by Dan Mogin, Jennifer Oliver and Timothy LaComb of MoginRubin. In addition to a request for compensatory, statutory and punitive damages, plaintiffs are asking the court to order Minted to implement reasonable security procedures and practices to protect customers' PII.

"Minted's privacy policy assures Minted customers that their PII is secure," Oliver said. "Despite these assurances and the significant benefit Minted receives by collecting and maintaining customer PII, the company failed to reasonably protect this personal information, allowing hackers to run roughshod over its system."

Given the PII it maintains, Minted allegedly failed to maintain reasonable security controls as required by the California Consumer Privacy Act and other common and statutory laws. For example, the passwords the hackers obtained had been hashed and salted - which offered a certain level of protection - but can still be accessed and used by skilled hackers. Minted also allegedly failed to maintain proper breach detection capabilities, as evidenced by the fact that the company learned of the theft of millions of customer records in a public report and did not notify consumers until 22 days later. Had the company proactively engaged in appropriate protocols, customers could have been alerted much more quickly.

"While Minted claims that it is continuing to investigate the incident and has since enhanced its security, the fact is the viewing, theft and attempted sale of California consumers' PII on the dark web can never be undone," Oliver said. "Once the data has been compromised and the victims' sensitive information exposed, it's too late."

The case is Atkinson v. Minted, Inc., N.D. Cal., No. 3:20-cv-03869. A copy of the complaint will be provided upon media request and the plaintiffs' attorneys are available for interviews.

About MoginRubin
MoginRubin is a national antitrust, competition law and consumer protection law firm prepared to meet today's most demanding challenges in litigation, strategic counseling and policy advocacy. Our legal and economic expertise, built by litigating some of the nation's landmark cases, means our clients get the clarity, focus and commitment they need when faced with high-stakes legal issues. Our attorneys are fiercely dedicated to client advocacy. We relentlessly strive for excellence and justice every step of the way, navigating the layers of complexity to guide our clients to their desired goal - success.

###

Contact:
Sheilah Buack-Shelton
sbuack@moginrubin.com
(619) 798-5364

SOURCE MoginRubin LLP

Email

|

Slashdot

|

Digg

|

Del.icio.us

|

Feeds

RELATED NEWS ARTICLES

The New Identity Theft Crisis: AI Scams, Child Victims, and Credit Damage Are All Spiking | Jan 22, 2026 AllSci Launches Hypothesis Publishing: A Seamless Way to Share, Connect, and Advance Scientific Ideas | Jan 22, 2026 Canadian Fintech Tuhk Inc., Founded by Ethoca and NuData Security Veterans, Raises US$6 Million Seed Round Led by FINTOP, with Lloyds Banking Group and Capital One Ventures | Jan 22, 2026 Darwin CX Caps a Banner Year with AI Launch, Sold-Out Events, and Industry Book Launch | Jan 22, 2026 Fintech Startup BON Credit Secures $3.5 Million In Funding | Jan 22, 2026 Nudge Security Unveils Industry's Most Comprehensive AI Security Governance Platform | Jan 22, 2026 PayDo Launches Unified Payment Infrastructure Suite for Digital Businesses | Jan 22, 2026 IoTeX Publishes MiCA-Compliant Whitepaper for IOTX, Enabling EU-Wide Alignment Under the New Regulatory Framework | Jan 22, 2026 Paxos Selects Mesh To Enable Trusted Crypto Deposits | Jan 22, 2026 Gametime Launches "12 Days of Gametime" Holiday Giveaway in Partnership with Barstool Sports | Jan 22, 2026