Making Cyber Simple. Really.

Less than a year since the California Consumer Privacy Act (CCPA) went into effect, Walmart is being sued for violating the new data regulations. After an unspecified incident, cyber-criminals were able to access customers’ names, addresses, financial information, and other sensitive data.

The class action suit alleges that “As a result of defendants’ wrongful actions, customer information was stolen. Many customers of Walmart have had their PII compromised, have had their privacy rights violated, have been exposed to the risk of fraud and identify theft and have otherwise suffered damages. Further, despite the fact that the accounts are available for sale on the dark web, and Walmart’s website contains multiple severe vulnerabilities through with the data was obtained, Walmart has failed whatsoever to notify its customers that their data has been stolen.”

It is unknown how many customers were affected by the breach, or how much personal information was stolen during the attack, but the number is at least in the thousands. If damages are awarded, each customer will be rewarded up to $750.

The CCPA went into effect at the beginning of 2020, but enforcement of the law started on July 1. The law gives power to individuals to demand companies not share their data with third parties, and to learn what personal information companies hold.

Other large companies are also lined up for CCPA lawsuits in the near future, including Salesforce, Clearview AI and the online marketplace Minted.

According to INSUREtrust Executive Vice President Erin Burns, “Regardless of CCPA, these actions would have violated any state privacy laws. What will be interesting to see is if California regulators fine them and if other states then follow suit in bringing fines if consumers in their states were affected.”  Burns goes on:  “From a coverage perspective if regulators bring charges, will that claim be treated as a separate matter and will a separate retention apply to the regulatory allegation and will each state action be treated as a separate claim?”

INSUREtrust (d/b/a ITDC Insurance Services) is a national insurance wholesaler simplifying insurance for emerging risks. For over 22 years, INSUREtrust has focused on emerging risks related to Cyber Liability, Technology Errors & Omissions issues, and Miscellaneous Professional Liability (MPL).

Contact Information

INSUREtrust.com, LLC
5185 Peachtree Parkway
Suite 230
Norcross, GA 30092

Main phone number (during business hours)
(770) 200–8000 or 1-888-WEBRISK

Email us at: [email protected]

Newsletter Sign-Up

Keep up with our news and upcoming events delivered straight to your inbox. Enter your e-mail and subscribe to our newsletter.