in Newswire Published on March 9, 2020

Rutter’s Hit with Class Action Over 18-Month Data Breach

by Erin Shaak

Last Updated on September 25, 2024

View Comments

Collins v. Rutter’s Inc.

Filed: March 4, 2020 § 1:20-cv-00382

Read Complaint

A proposed class action claims Rutter’s Inc. failed to adequately prevent and respond to a data breach that exposed customers’ payment card information to unauthorized third parties.

Defendant(s)

Rutter’s Inc.

Law(s)

State(s)

Pennsylvania

Categories

Privacy Data Breach

A Pennsylvania man claims in a proposed class action that Rutter’s Inc. failed to adequately prevent and respond to a data breach that exposed customers’ payment card information to unauthorized third parties.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The lawsuit explains that Rutter’s, which operates gas stations and convenience stores across Pennsylvania, West Virginia and Maryland, announced on February 13, 2020 that “an unauthorized actor” had gained access to customers’ payment card data by installing malware on some point-of-sale devices. According to a post on Rutter’s website, customers’ names, credit and debit card numbers, card expiration dates and security codes may have been accessed between as early as August 30, 2018 and May 29, 2019.

The lawsuit argues that Rutter’s was on notice as to the risk of data breaches due to a “Security Alert” issued to gas station operators by Visa in November 2019. Despite the warning, Rutter’s failed to detect the breach for 18 months after customers’ private information was first accessed and waited another month before informing affected individuals, the case alleges.

The suit decries Rutter’s response to the breach as “wholly insufficient,” relaying that the defendant failed to provide any remedies, including credit monitoring and fraud insurance, for customers’ injuries even though similar solutions have been made available to victims of other recent data breaches. To date, Rutter’s has taken “no affirmative steps” beyond notifying customers of the breach to protect them from the “indefinite undeniable risk of fraud and identity theft,” the lawsuit says.

With regard to the plaintiff, the suit says the man discovered in February 2020 that his credit card had been used to make a fraudulent purchase from United Airlines in the amount of $2,477. The man says he has spent at least five hours mitigating the harm caused by the data breach and will likely spend additional time dealing with the “burdensome and time-consuming process” of monitoring his accounts.

The lawsuit seeks to cover anyone in the U.S. whose credit or debit card numbers were compromised in the Rutter’s breach, with a proposed class of Pennsylvania residents.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on September 25, 2024 — 10:03 AM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.