Schubert Jonckheer & Kolbe LLP is investigating a recent data breach affecting the payment card information of more than 30,000 customers of PupBox, Inc., a subsidiary of Petco Health and Wellness Company, Inc..
On October 2, 2020, PupBox announced that its website, PupBox.com, where dog owners can subscribe to receive monthly shipments of food, treats, and merchandise, was the target of a months-long data breach affecting more than 30,000 of its subscribers. The breach resulted from an unauthorized website plug-in that potentially exposed subscribers’ names, addresses, email addresses, passwords, credit card numbers, credit card expiration dates, and credit card CVV codes. According to the company, fraudulent activity may have already occurred on credit cards used on the PupBox website during the relevant period.
The Schubert Firm is investigating the conduct and cybersecurity practices of PupBox and Petco in relation to the breach. Of particular concern, the malicious plug-in was active on the PupBox website for nearly six months between February 11 and August 9, 2020. Furthermore, the company waited at least a month to notify victims after learning the full extent of the breach.
Victims of the PupBox data breach may be able to participate in a class action lawsuit seeking monetary damages and changes to the company’s cybersecurity practices.
About Schubert Jonckheer & Kolbe LLP
Schubert Jonckheer & Kolbe represents shareholders, employees, and consumers in class actions against corporate defendants, as well as shareholders in derivative actions against their officers and directors. The firm is based in San Francisco, and with the help of co-counsel, litigates cases nationwide.
Schubert Jonckheer & Kolbe LLP