TrueFire Experiences Second Data Breach in 2020

NOTICE: If you reside in California, made an online TrueFire purchase between February 21, 2020 and July 28, 2020, and have received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777.

truefire data breach On July 28, 2020, leading online guitar instruction provider TrueFire, LLC (TrueFire) informed its customers of yet another 2020 data breach, spanning five months and affecting nearly 600,00 members.

TrueFire’s computer network was reportedly accessed by an unauthorized person who compromised customer information stored on their system, including:

  • Names
  • Usernames
  • Phone numbers
  • Dates of birth
  • Emails
  • Physical addresses
  • Account balances
  • Passwords

TrueFire claims to have taken measures to secure their systems and review network security policies and procedures. The company is offering affected customers one year of identity monitoring service.

Although TrueFire claims to not store payment data, it is unknown whether payment information may have been captured in real time as users bought classes and courses online, as alleged in class action lawsuit Emmanuel Llamas v. Truefire, LLC et al. regarding a separate TrueFire security incident. The previous six-month-long cyberattack was disclosed to customers on March 9, 2020.

Due to the number of California residents affected, the data breach falls under the California Consumer Privacy Act (CCPA) notification requirements.

The California Consumer Privacy Act (CCPA) applies to companies that do business in California and collect personal information from California residents. It requires businesses to notify any California resident whose personal information was compromised as a result of a data breach. Any business notifying more than 500 California residents as a result of a single breach must also submit a sample copy of that notification to California's Attorney General.

The CCPA went into effect on January 1, 2020 and is considered to be one of the broadest state-level privacy laws in U.S. history. Among the rights the CCPA endows is the consumer’s right to bring an action for statutory damages if a data breach meets certain requirements.

Based in Florida, TrueFire boasts the “largest and most comprehensive selection of online guitar lessons” with students from 200 countries who use TrueFire’s interactive self-study courses and learning systems for online workshops and classrooms. Estimated annual revenue is $1.31 million.

If you reside in California, made an online TrueFire purchase between February 21, 2020 and July 28, 2020, and have received a NOTICE OF DATA BREACH email or letter regarding this incident, contact the data breach lawyers at the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible legal options.