Chuze Fitness Failed to Protect Employee Data from Hackers, Class Action Claims

New to ClassAction.org? Read our Newswire Disclaimer

Chuze Fitness has been hit with a proposed class action over a November 2023 cyberattack that compromised the personal information of current and former employees.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 36-page lawsuit relays that Rachas, Inc., which does business as Chuze Fitness, was targeted by notorious cybercriminal group LockBit on November 27 of last year. A notice letter sent to data breach victims last month reports that as a result of the cyberattack—during which the threat actor gained access to the gym operator’s network—highly sensitive personal information belonging to Chuze Fitness employees was exposed.

According to the notice, the private data compromised in the ransomware attack included at least names, mailing addresses and Social Security numbers. The hacker group’s platform on the dark web indicates that the stolen information has already been posted for sale, the suit adds.

The data breach lawsuit contends that the San Diego-based company—which operates roughly 60 fitness centers throughout Arizona, California, Colorado, Florida, Georgia, New Mexico and Texas—negligently failed to maintain proper cybersecurity to protect the private information in its care. Chuze Fitness also failed to adequately train employees in data security, the complaint alleges.

The defendant’s apparent negligence left the confidential information in a “vulnerable position” and made it an “easy target[] for cybercriminals,” the filing charges.

Moreover, the lawsuit condemns the company’s allegedly delayed notification of victims. Although Chuze Fitness reports that the incident occurred in late November of last year, it waited until January 18, 2024 to distribute notice letters to affected individuals, the suit points out.

As the case tells it, this delay unfairly deprived victims of the opportunity to promptly take action to mitigate the harm caused by the unauthorized disclosure of their data.

The plaintiff, a former employee who resides in New Mexico, says she received notice from Chuze Fitness informing her that her personal information had been compromised in the breach. Like other victims, the woman now “fears for her personal financial security,” and faces an ongoing risk of identity theft and fraud, as a result of the data breach, the complaint asserts.

The lawsuit looks to represent anyone in the United States whose personal information was compromised in the data breach discovered by Chuze Fitness in November 2023, including those who received notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.