This week, two class action lawsuits were filed against David’s Bridal in the U.S. District Court for the Eastern District of Pennsylvania due to two significant data breaches affecting the company. The lawsuits allege that David’s Bridal failed to adequately protect the personal information of both employees and customers. The breaches are linked to a ransomware attack by the LockBit group in January 2024, followed by a second attack by another group, WereWolves, in February 2024.
The complaints detail that after the initial attack, David’s Bridal allegedly did not take appropriate measures to improve its cybersecurity practices, leading to further vulnerabilities. The breaches exposed sensitive data, including names, addresses, identification documents, dates of birth, Social Security numbers, and financial account information. Plaintiffs claim that the company did not fulfill its promise to safeguard the sensitive data shared by employees and customers, which has resulted in potential harm to those affected.
Moreover, the lawsuits highlight that David’s Bridal failed to notify individuals affected by the breaches in a timely manner, preventing them from taking necessary steps to mitigate the potential damage. The class actions are being pursued on behalf of current and former employees and customers, alleging causes of action such as negligence, breach of implied contract, breach of fiduciary duty, and unjust enrichment. Notably, one plaintiff invoked the California Consumer Privacy Act, which allows for a private right of action in the event of a data breach.
The plaintiffs are seeking various forms of relief, including compensatory and punitive damages, restitution, and attorneys’ fees. They also request that David’s Bridal be mandated to implement improved technical and administrative security measures to protect personal information in the future. The outcome of these class actions could have significant implications for the company’s operations and reputation, as well as the broader conversation around data protection practices in the retail sector.
Reference: