Dropbox is facing a new class action lawsuit, filed on May 21, 2024, by plaintiff Steven Guiffre, accusing the company of failing to protect thousands of customers’ data in a significant breach. The lawsuit claims that Dropbox did not implement the necessary security measures to prevent this breach, which is estimated to have affected at least several hundred thousand users. The compromised data includes user emails, usernames, phone numbers, hashed passwords, multi-factor authentication details, and general account settings. This incident adds to Dropbox’s ongoing security challenges, following a major 2012 breach that impacted 68 million users and was one of the largest hacks in cloud server history.
According to the lawsuit, the plaintiffs’ personally identifiable information (PII) was exposed to an unknown third party, posing a significant risk of future fraud and identity theft. The complaint emphasizes the potential for significant harm, stating, “The PII of Plaintiff and Class Members was compromised through disclosure to an unknown and unauthorized third party—an undoubtedly nefarious third party that seeks to profit off this disclosure by defrauding Plaintiff and Class Members in the future.”
In addition to the risk of identity theft, the plaintiffs have incurred substantial costs in response to the breach, including verifying the breach, monitoring credit, exploring identity theft services, and consulting legal advice. The lawsuit argues that the plaintiffs have suffered actual injury due to the diminished value of their PII, which they had entrusted to Dropbox.
This recent lawsuit underscores the ongoing security issues faced by Dropbox. In late 2022, the company disclosed another breach where hackers accessed 130 code repositories, some source code, and personal information of some customers and employees. The accumulation of these incidents highlights the critical need for stronger security measures and better protection of customer data.
