Class Action Filed Over Neopets Data Breach Affecting Over 69 Million Consumers

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit claims the company behind Neopets, a virtual pet game that originally launched in 1999, has failed to safeguard players’ sensitive personal information from a data breach that lasted over a year.

According to the 26-page case, defendant JumpStart Games, Inc. experienced a “massive and preventable cyberattack” between January 2, 2021 and July 19, 2022 due to the company’s inadequate data security. The lawsuit claims the sensitive information of at least 69 million consumers, including children, was compromised in the Neopets data breach.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

Per the suit, the exposed information may have included Neopets players’ names, email addresses, usernames, dates of birth, genders, IP addresses, PINs, hashed passwords, virtual pet data, gameplay data and other information provided to Neopets that was allegedly left “unprotected.”

The lawsuit alleges that JumpStart Games has “intentionally, willfully, recklessly, or negligently” failed to take reasonable steps to secure Neopets players’ sensitive information and could have prevented the data breach by properly encrypting its servers.

Moreover, the case claims that although JumpStart Games sent victims notice of the breach around August 29, a little over a month after learning of the incident, the company has essentially kept victims “in the dark” regarding what data was stolen, the type of malware used in the breach and the steps taken to secure users’ data against unauthorized access.

“Representative Plaintiff and Class Members are, thus, left to speculate as to where their [personally identifiable information] ended up, who has used it and for what potentially nefarious purposes,” the complaint reads. “Indeed, they are left to further speculate as to the full impact of the Data Breach and how exactly Defendant intends to enhance its information security systems and monitoring capabilities so as to prevent further breaches.”

According to the suit, the consequences of the exposure of players’ data are “long lasting and severe” as fraudulent use of their information may continue “for years.”

The plaintiff, a Florida resident, says she was unaware of the breach, or even that JumpStart Games was still in possession of her personal information, until receiving notice in late August. Per the case, the plaintiff has experienced “lost time, annoyance, interference, and inconvenience” due to the breach, not to mention “anxiety and increased concerns for the loss of privacy” and potential misuse of her data.

The lawsuit looks to represent anyone in the United States whose personally identifiable information or financial information was exposed to unauthorized parties as a result of the data breach discovered on July 20, 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.