On May 20, 2020, popular startup Bombas learned that malicious code in their e-commerce platform may have scraped personal information as customers purchased product online. The sock retailer reports that consumer data was exposed during a window from November 11, 2016 to February 16, 2017.
Compromised data includes:
Bombas has not disclosed how many shoppers were affected by this cybersecurity incident. The company has notified victims of the breach and is offering two years of identity monitoring services at no cost. They also advise reviewing financial accounts and credit reports for fraudulent activity.
Shortly before the data breach, Bombas experienced a massive increase in daily orders, as a result of co-founders David Heath and Randy Goldberg appearing on a 5-minute “Good Morning America” segment in October 2016. Bombas had been handling up to 2,000 orders per day, a number that spiked to 26,000 after the television appearance.
Increased orders continued through the 2016 holiday season and beyond. Bombas now exceeds $100 million in annual revenues.
Unfortunately, this was not Bomba’s first data breach of customer payment information – nor its first delayed notification to consumers.
In 2019, the New York Attorney General’s Office announced that Bombas had agreed to pay $65,000 for failing to comply with the state’s data breach notification statute. In November 2014, Bombas discovered malicious code designed to steal payment card information from its e-commerce platform. The company waited almost two months to fix the problem, then mistakenly re-inserted the code into the website a few weeks later. Bombas failed to notify nearly 40,000 affected customers of the incident for more than three years.
Founded in 2013 and backed by “Shark Tank” star Daymond John, Bombas began by making comfortable, well-made socks with a “give-back” component to their business model. Bombas donates one pair of socks for each pair purchased to shelters, non-profits, and organizations dedicated to helping the homeless, in-need, and at-risk communities.
The company added t-shirts to their product line in 2019 and claims to have donated more than 38 million items to more than 2,500 community organizations.
If you purchased Bombas socks between November 11, 2016 and February 16, 2017 and have received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible legal options.
With personal injury cases, success is defined by more than the number of dollars awarded at settlement. Our clients come to us not just bearing physical and financial trauma, but emotional and situational scars, as well. As the legal process evolves, relationships are built with our clients that typically last for a lifetime. Sometimes, that […]Learn More
On November 8, 2018, Anna* and her family fled their home in response to the Camp Fire mandatory evacuation. The massive fire destroyed more than 18,000 homes, displacing 50,000 residents in the town of Paradise, California, and surrounding areas. They didn’t have friends or relatives in neighboring cities to stay with and soon discovered that […]Learn More
On a warm August evening, Ray G. and his family were driving home from a school sporting event. As his Ford F250 pickup traveled through an intersection on Washington Blvd in Roseville, California, a Toyota Corolla compact sedan ran the red light and slammed into the driver’s side of Ray’s truck. The driver of the […]Learn More
Kimberly and Brian, both established professionals in Sacramento, were excited about moving into a charming yellow house in one of the best neighborhoods in the area. They had agreed to a lease-to-own arrangement that allocated $3,500 per month toward rent and an additional $2,000 per month toward a refundable deposit for the potential purchase of […]Learn More
Matthew B. contacted the Arnold Law Firm after consulting with multiple attorneys in the Sacramento area, including another major personal injury firm and an attorney specializing in motorcycle accidents. His case was rejected by other attorneys due to complexity with liability. As the rider in a car vs. motorcycle collision, Matthew suffered significant injuries to […]Learn More
Mr. E was on his way to work one very ordinary fall morning when an inattentive driver ran a red light, collided with his vehicle, and changed his life forever. In that moment, although he didn’t realize it at the time, a chain of events was set into motion that affected every aspect of his […]Learn More