Cincinnati, OH: Whole Foods is facing a data breach class action lawsuit alleging its negligence resulted in consumers’ personal information being stolen during a systems hack in September.
According to the complaint, filed by named plaintiff Patricia Banus, the data hack affected Whole Foods taprooms and restaurants. Banus alleges in the lawsuit that she paid for goods at a Whole Foods Market Group Inc. taproom four days before the September 28 announcement of the breach. As a result, she asserts she must now cancel her card, given that her personally identifiable information may have been compromised through the breach of the taproom’s point-of-sale system.
“Plaintiff, individually and on behalf of those similarly situated, brings this action to challenge the actions on Whole Foods in the protection and safekeeping of the plaintiff's and class members' personal information,” the complaint states. “Whole Foods' failures to safeguard the consumer PII has caused plaintiff and class members damage.”
According to the complaint, Whole Foods had a duty under the Fair Credit Reporting Act to safeguard customers’ personally identifiable information from being disclosed to third parties. As part of those responsibilities, Whole Foods should have been following security protocols from Mastercard and VISA in the processing of card transactions. The breach may have resulted from a failure by Whole Foods to comply with these security standards, the complaint states.
Further, Whole Foods allegedly violated Ohio consumer protection laws and if consumers had known that their personal data was not properly protected, they would have potentially have shopped somewhere else, the complaint states.
The plaintiff claims there is a good probability that the full extent of the identity theft and fraud that could result from the Whlole Foods data breach has yet to be disclosed and consumers’ information might be available to purchase on the dark web.
The proposed class is made up of all US consumers whose personal data was released during the September breach. Banus also seeks to represent an Ohio subclass. The size of the proposed class is unclear with the company reporting that 117 venues were affected.
The proposed class is represented by Marc E. Dann and Brian D. Flick of the Dann Law Firm and Thomas A. Zimmerman Jr. of Zimmerman Law Offices PC.
The case is Banus v. Whole Foods Market Group Inc., case number 1:17-cv-02132, in the U.S. District Court for the Northern District of Ohio. .