#privacy: StockX faces lawsuit following data breach

StockX, a sneaker trading platform, is facing a lawsuit over a data breach that resulted in more than 6.8 million customer records being exposed.

Filed on Monday in U.S District Court, the lawsuit is on behalf of a minor from Kansas and other minors whose personal data “was accessed, acquired, stolen and re-sold by hackers for the express purpose of misusing plaintiff’s data and causing further irreparable harm to plaintiff’s personal, financial, reputational and future well-being.”

An unknown third party was able to gain access to StockX customer records and then sold it on the dark web. 

The lawsuit states that StockX was slow in informing users about the hack that had occurred months earlier. The stolen information included names, email addresses, hashed passwords, all of which are  “highly valued amongst cyber thieves and criminals on the Dark Web.”

According to the lawsuit the plaintiff and the class would never have provided their personal information to StockX if it had “disclosed that it lacked adequate security measures and data security practices, as was revealed by the media reports.” 

StockX had sent password reset emails, with a message attributing the reset to a system update, instead of revealing the truth. 

“Plaintiff and the class have been damaged in that plaintiff and the class spent time and will spend additional time in the future speaking with representatives, researching and monitoring accounts, researching and monitoring credit history, responding to identity theft incidents, purchasing identity protection, and suffering annoyance, interference, and inconvenience, as a result of the data breach.”

The suit seeks damages and a jury trial.


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.