Francesca’s Facing Class Action Over January 2023 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Women’s fashion retailer Francesca’s faces a proposed class action in the wake of a January 2023 data breach in which cybercriminals accessed “a gold mine” of current and former employees’ and customers’ personal information. 

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here. 

According to the 38-page case, Francesca’s discovered around January 31 of this year that an unauthorized party had accessed files on its computer systems between January 12 and the end of the month. Per the suit, current and former employees’ and customers’ names, Social Security numbers and financial account information were compromised in the Francesca’s data breach. 

“As a result of the Data Breach, Plaintiffs and Class Members have experienced and/or are at a substantial and imminent risk of experiencing identity theft and various other forms of personal, social, and financial harm,” the complaint stresses. “This risk will remain for their respective lifetimes.” 

Compounding matters, the lawsuit says, was Francesca’s failure to notify data breach victims until nearly eight months after the company discovered the incident. The case contends that this “outrageous delay” effectively gave the data thieves a head start and hampered victims from being able to mitigate their damages. 

“This inexcusable delay in notification amplified the harm to plaintiffs and the Class,” the suit scathes. 

Further, the case says Francesca’s has offered no assurance that all personal data or copies of the data have been recovered or destroyed, or that it has appropriately bolstered its cybersecurity practices “to avoid a similar breach of its network in the future.” 

The case alleges Francesca’s was “on notice” that failing to take appropriate data security measures left the information in its care vulnerable to a cyberattack. The suit claims the sensitive data stolen in the Francesca’s breach “has already been fraudulently misused.” 

“Francesca’s knew or should have known that its electronic records would be targeted by cybercriminals, yet it failed to take the necessary precautions to protect Plaintiffs’ and Class members’ Private Information from being compromised,” the suit charges. 

As the case tells it, Francesca’s response to the data breach has been “particularly paltry” since the retailer has offered victims only 12 to 24 months of credit monitoring, a “wholly inadequate” remedy given the circumstances. 

The lawsuit looks to cover all individuals in the United States who were impacted by the January 2023 Francesca’s data breach, including anyone who was sent a notice about the incident by defendant Francesca’s Acquisition, LLC. 

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.