The Northern District of California granted a motion for preliminary approval of class action settlement on Monday between consumers led by Alex Pygin, Bombas, LLC and Shopify, Inc. This settlement will reimburse consumers who were victims of a data breach through Bombas’ platform.
Bombas has been using Shopify since 2015 “to provide ecommerce technology for their customers to purchase items online.” The plaintiffs alleged that “the Shopify Plus platform takes the key payment and personal information from the customer to finalize the transaction, including name, billing and shipping addresses, payment card type and number, CVV code, credit card expiration date, email address and sometimes telephone number.” Shopify’s website says “running a secure ecommerce solution and keeping your online store safe is our number one priority” to businesses and “we protect your information from others” to consumers. However, Bombas customers received a Notice of Data Breach on June 3, 2020, where “malicious code could have successfully scraped customer information between November 11, 2016 and February 16, 2017.”
In July 2020, consumers filed a class action complaint and proposed a settlement fund of $225,000 to be given to class members, as well as costs of Claims Administration, attorney’s fees, and service award to be paid in full by Bombas. The defendants agreed to write a Written Information Security Policy, train employees to carry out this policy, implement a strong password policy and multi-factor authentication.
On Monday, the court preliminarily approved this unanimously agreed-upon settlement and appointed Alex Pygin as the Representative Plaintiff. The motion for final approval will be on November 5, and the final approval hearing will be on November 19.