in Newswire Published on October 10, 2022

Ruger Responsible for 17-Month Data Breach, Class Action Alleges

by Kelly Mehorter

Last Updated on November 1, 2022

View Comments

Jones v. Sturm, Ruger & Company, Inc.

Filed: October 4, 2022 § 3:22-cv-01233

Read Complaint

A class action claims Ruger failed to properly safeguard consumers’ personal information and payment card data, resulting in a 17-month data breach.

Defendant(s)

Sturm, Ruger & Company, Inc.

Law(s)

State(s)

Connecticut

Categories

Data Breach

A proposed class action claims firearm manufacturer Ruger failed to properly safeguard consumers’ personally identifiable information and payment card data, resulting in a 17-month data breach from 2020 to 2022.

The 36-page case alleges defendant Sturm, Ruger & Company failed to protect the information consumers provided when making purchases on ShopRuger.com. As a result, cybercriminals were able to access proposed class members’ sensitive data from September 2020 to February 2022, the filing contends.

The complaint argues that the cyberattack persisted for 17 months because Ruger failed to perform adequate security reviews of its website. Additionally, Ruger did not alert affected individuals or various state attorneys general until August 2022, seven months after the malware behind the attack was removed by the website’s third-party host, Freestyle Solutions, the case asserts.

Per the filing, the unencrypted data was stolen directly from Ruger’s checkout page, and included consumers’ names, shipping and email addresses, credit or debit card information, products that were bought and the price, and the number of items purchased.

As the case tells it, Ruger’s failure to implement adequate cybersecurity measures was “particularly egregious” because customers were purchasing firearm accessories. 

“Criminals can now access their Private Information which includes the nature of their purchases and their shipping and billing addresses. With this information criminals can target the homes of firearm owners to steal firearms that they cannot obtain through legal channels.”

According to the lawsuit, Ruger “knew or should have known” that its website was at risk of being targeted by cybercriminals based on recent data breaches at other industry-leading companies. Precautionary reports from the FBI and U.S. Secret Service warned companies to take appropriate measures to prevent cyberattacks, the case relays.

The filing argues that Ruger went against industry-wide security standards by not investing in technology to encrypt payment card information at the point of sale. As a result, hackers were able to capture unencrypted data the moment customers made their purchases, the case alleges. The complaint contends that Ruger’s failure to protect consumers’ data is a breach of the company’s privacy policy, which promises to take “commercially reasonable steps to help protect and secure the Personal Information we collect.”

The complaint stresses that data breach victims have “suffered real and imminent harm” due to Ruger’s failure to safeguard their sensitive information and its delayed detection and disclosure of the cyberattacks.

“There is a strong probability that entire batches of stolen payment card information have been dumped on the black market or are yet to be dumped on the black market, meaning Plaintiff and Class Members are at an increased risk of fraud for many years into the future. Thus, Plaintiff and Class Members must vigilantly monitor their financial accounts for many years to come.”

The lawsuit looks to represent anyone who was impacted by the Ruger data breach between September 2020 and February 2022, including anyone who was sent a notice of the data breach in August 2022.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on November 1, 2022 — 12:30 PM

Kelly Mehorter

kelly@classaction.org

Kelly works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.