Claire’s Data Breach

Posted on behalf of Arnold Law Firm in

If you received notice from Claire’s Stores that your personal information may have been compromised as a result of a Data Incident that occurred between April 7, 2020, and June 12, 2020, the United States District Court for the Northern District of Illinois (Eastern Division) has preliminarily approved a class action settlement that may affect your legal rights. You can submit claims at: https://cyberattacklitsettlement.com/

cyber-attack-colorfulOn June 12, 2020, fashion accessory retailer Claire’s identified unauthorized computer code present on its website for nearly two months. The malicious code was designed to obtain confidential information entered by customers during the checkout process and forward that data to an outside server. Purchases made in Claire’s retail store locations reportedly were not involved. According to security company Sansec, a malicious site “claires-assets.com” was registered by an anonymous party the day after Claire’s closed its 3,000 worldwide stores due to COVID-19. The shutdown created a prime opportunity for a Magecart cyber-attack in anticipation of the resulting surge in online traffic. Magecart is malware for online skimming which allows hackers to steal transaction information entered during the purchase. Reportedly, the code was placed directly on Claire’s servers, and the skimmer was attached to the submit button of the checkout form. When the shopping cart purchase button is clicked, Magecart grabs an image of the transaction and sends it to the hacker’s server. Hackers know that image file requests are less likely to be monitored by security systems. Personal information at risk of compromise was entered during the checkout process, including:
  • First and last names
  • Addresses
  • Email addresses
  • Phone numbers
  • Payment card numbers
  • Expiration dates
  • Card verification codes
  • Gift card numbers
  • PINs (for new accounts opened with the purchase)
  • Passwords (for new accounts opened with the purchase)
According to Claire’s, the data breach started on April 7, 2020, continuing intermittently through June 12, 2020, however Sansec believes the skimming may have begun as early as March 20, 2020. Claire’s also claims there were multiple spans during this time period when purchase data may not have been scraped because of new code deployments. Claire’s claims to have identified specific transactions involved and has notified the customers who placed an order when the added code was present. They are offering affected customers one year of internet surveillance and identity theft insurance services and have taken measures to reinforce the security of their site. Customers are encouraged to closely review payment card account statements for any unauthorized charges. If you are unsure whether your data may have been compromised, Claire’s has established a dedicated call center, which can be reached by calling 1-844-951-2879. Established in 1961, Claire’s is a leading specialty retailer of accessories, cosmetics, and jewelry primarily for girls, tweens, and teens, operating 2,220 stores throughout North America and Europe with additional concession locations and franchised stores worldwide. Claire’s also offers more sophisticated merchandise designed for young women through its 200 Icing brand stores. The Illinois-based company employs nearly 19,000 and has estimated annual revenues of $1.3 billion. Claire’s is owned by Apollo Global Management, LLC, a global alternative investment manager firm that specializes in investing across credit, private equity, and real assets.

If you received notice from Claire’s Stores that your personal information may have been compromised as a result of a Data Incident that occurred between April 7, 2020, and June 12, 2020, the United States District Court for the Northern District of Illinois (Eastern Division) has preliminarily approved a class action settlement that may affect your legal rights. You can submit claims at: https://cyberattacklitsettlement.com/

Settlement - $3,767,000

Truck Accident

A 20-year-old man who had been married for just 12 days left home on his way to work. He was driving on Pleasant Grove Road in Sutter County in the early morning when he came upon a slow-moving truck. As he pulled out to pass the truck, the truck driver turned left in front of him. The young man attempted to steer back into his lane but his vehicle struck an un-flagged piece of metal extending from the back of the truck. He died in the resulting crash.

Expert witnesses brought in by the Arnold Law Firm proved that the truck, owned and operated by a hauling firm, should never have been on the highway that morning. Specifically, the rear and side turn signals did not work and the rear-view mirror was in a poor state of adjustment at the time of the collision. As a result, the driver, who had failed to properly inspect the vehicle before setting out that morning, couldn’t see the young man’s vehicle as it attempted to pass.

The poor condition of the truck, its lack of maintenance and the manner in which it was operated were found to be substantial factors in causing the collision that killed the young man. The testimony also established that the man had been making a lawful pass at the lawful speed limit and acted reasonably when he attempted to avoid the collision.

The man’s 20-year-old widow was awarded $3,767,000.77, his parents were awarded $185,131 and the family was reimbursed $11,899 in funeral expenses. Though money is a poor substitute for a young man’s life, this verdict demonstrates that drivers who endanger the lives of others will be held accountable for their actions.