Rutter’s Hit with Class Action Over 18-Month Data Breach
by Erin Shaak
Last Updated on September 25, 2024
Collins v. Rutter’s Inc.
Filed: March 4, 2020 ◆§ 1:20-cv-00382
A proposed class action claims Rutter’s Inc. failed to adequately prevent and respond to a data breach that exposed customers’ payment card information to unauthorized third parties.
A Pennsylvania man claims in a proposed class action that Rutter’s Inc. failed to adequately prevent and respond to a data breach that exposed customers’ payment card information to unauthorized third parties.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The lawsuit explains that Rutter’s, which operates gas stations and convenience stores across Pennsylvania, West Virginia and Maryland, announced on February 13, 2020 that “an unauthorized actor” had gained access to customers’ payment card data by installing malware on some point-of-sale devices. According to a post on Rutter’s website, customers’ names, credit and debit card numbers, card expiration dates and security codes may have been accessed between as early as August 30, 2018 and May 29, 2019.
The lawsuit argues that Rutter’s was on notice as to the risk of data breaches due to a “Security Alert” issued to gas station operators by Visa in November 2019. Despite the warning, Rutter’s failed to detect the breach for 18 months after customers’ private information was first accessed and waited another month before informing affected individuals, the case alleges.
The suit decries Rutter’s response to the breach as “wholly insufficient,” relaying that the defendant failed to provide any remedies, including credit monitoring and fraud insurance, for customers’ injuries even though similar solutions have been made available to victims of other recent data breaches. To date, Rutter’s has taken “no affirmative steps” beyond notifying customers of the breach to protect them from the “indefinite undeniable risk of fraud and identity theft,” the lawsuit says.
With regard to the plaintiff, the suit says the man discovered in February 2020 that his credit card had been used to make a fraudulent purchase from United Airlines in the amount of $2,477. The man says he has spent at least five hours mitigating the harm caused by the data breach and will likely spend additional time dealing with the “burdensome and time-consuming process” of monitoring his accounts.
The lawsuit seeks to cover anyone in the U.S. whose credit or debit card numbers were compromised in the Rutter’s breach, with a proposed class of Pennsylvania residents.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.