Class Action Says Nearly Year-Long Filters Fast Data Breach Affected ‘Millions’ of Customers [UPDATE]
by Erin Shaak
Last Updated on March 2, 2022
Powers et al. v. Filters Fast, LLC
Filed: October 26, 2020 ◆§ 3:20-cv-00982
Filters Fast, LLC faces a proposed class action over a “massive data breach” that reportedly occurred between July 15, 2019 and July 10, 2020.
Case Updates
March 2, 2022 – Settlement Awaits Final Approval
A judge overseeing the case detailed on this page has, for the second time, denied final approval of a settlement that looks to compensate Filters Fast data breach victims, finding that those covered by the deal may not have been properly notified.
In a February 24 order, U.S. District Judge James D. Peterson held that the notice provided to class members was “deficient in two respects.” For one thing, the settlement administrator failed to mail notice to 6,728 class members who did not receive email notice, according to the order. Judge Peterson ruled that final approval of the settlement would need to be deferred until there was a reasonable effort to notify everyone covered by the deal.
Secondly, the judge found that the email notice sent to class members was problematic in that the subject line only stated “Legal Notice” and the sender was noreply@hcgsettlements.com. According to the judge, the email header “does nothing” to tell readers what the email is about, who it’s from and why it may be important.
“Rather, the vague wording suggests that the email is spam and can be safely deleted without reviewing its contents,” Judge Peterson wrote.
The judge noted that these issues may explain why only just over one percent of class members filed claims even though the settlement allows claimants to receive at least $25 without having to submit any documentation.
The proposed settlement looks to cover anyone in the U.S. whose payment card was used on the Filters Fast website to make a purchase between July 15, 2019 and July 10, 2020.
Those covered by the deal could claim up to $750 for documented out-of-pocket expenses and losses related to a fraudulent transaction on their payment card, up to $60 of reimbursement for time spent addressing fraud or monitoring their accounts, or up to $25 if they attest that they used a payment card to make a purchase on the Filters Fast website during the relevant timeframe.
The settlement also looks to provide credit monitoring for those affected by the data breach.
Judge Peterson noted that the court could not approve the settlement until the aforementioned deficiencies are resolved.
“A settlement that is otherwise fair provides little benefit for the class if few of them are aware that they are entitled to participate in the settlement,” the judge wrote.
Judge Peterson canceled the March 4 final approval hearing and directed the plaintiffs to submit a plan for curing the notice deficiencies by March 10.
Filters Fast, LLC faces a proposed class action over a “massive data breach” that reportedly occurred between July 15, 2019 and July 10, 2020.
According to the case, the filtration product retailer’s negligence and failure to adopt reasonable security measures allowed cyber criminals to access the company’s computer system for nearly a year, install malicious code on its website and steal the personal and financial data of “millions of unsuspecting customers across the country.”
“Filters Fast’s negligent failure to meet industry standards of cyber security allowed this to happen,” the complaint scathes, claiming the defendant waited six months after discovering the breach to notify affected consumers. According to the case, a website data tracker predicted that more than 3.4 million customers shopped on Fast Filter’s website from February through July 2020, a timeframe in which the defendant was allegedly “fully aware of the then-unresolved data breach.”
Per the complaint, Filters Fast discovered a possible data security incident in February 2020. Thereafter, the case says, an investigation revealed hackers had added malicious code to the retailer’s website on July 15, 2019. The code allowed unauthorized parties to access, according to Filters Fast, at least 323,000 customers’ names, shipping and billing addresses, and payment card details during the checkout process, the suit alleges.
Despite being aware of the growing risk of data breaches, Filters Fast failed to take reasonable steps to protect customers’ information and timely detect the breach once it occurred, the lawsuit charges. After discovering the security breach, the defendant, according to the case, allowed its website to remain fully operational for five more months “without making any effort” to minimize customers’ exposure.
“Filters Fast chose to complete its internal investigation and develop a response rather than provide its customers with the information they needed to protect themselves against fraud and identity theft,” the complaint reads.
Per the case, the malicious code was removed during an unrelated website update on July 10, 2020, and the defendant waited until the following month to begin notifying affected customers.
According to the suit, Filters Fast’s failure to adhere to both industry standards for data security and the Federal Trade Commission’s guidelines for reasonable security practices, not to mention its decision to notify affected customers “at its own pace over the course of six months,” left victims “in the dark” and exposed to a heightened risk of identity theft and fraud.
“These decisions left millions of unaware customers exposed to the imminent and substantial risks inherent in a data breach, including the compromise and fraudulent use of their personal and Payment Data,” the complaint alleges.
The lawsuit contends that Filters Fast’s offer of 12 months of free credit monitoring is “woefully inadequate” to compensate those who were affected by the breach.
The case looks to cover anyone in the U.S. who had their credit or debit card data compromised as a result of the Filters Fast data breach, with proposed subclasses of Wisconsin and Maryland residents.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Before commenting, please review our comment policy.