PORTLAND, Ore. — A new federal lawsuit alleges that Nike failed to adequately protect customer data and delayed notifying affected individuals following a recent breach.
The lawsuit, filed by a California plaintiff and seeking class-action status, claims Nike discovered the breach around Jan. 21 but did not notify customers until more than a month later, on Feb. 25, OregonLive reported.
According to the complaint, exposed information included names, email addresses, billing addresses, phone numbers and payment card details, citing a Nike notice referenced in the filing.
“Because of the data breach, plaintiff’s private information is now in the hands of cyber criminals,” the lawsuit states, according to OregonLive. “Plaintiff and all Class members are now imminently at risk of crippling future identity theft and fraud.”
The Allegations
The suit alleges Nike failed to take “adequate and reasonable” steps to safeguard sensitive information, including encrypting data.
It also claims affected individuals may require long-term identity theft monitoring. “Plaintiff and all Class members will need to have identity theft monitoring protection for the rest of their lives,” the filing states, OregonLive reported..
The lawsuit seeks at least $5 million in damages, including the cost of credit monitoring services for impacted customers.
Nike declined to comment, according to OregonLive.
The company was also the target of a ransomware attack in January, though it remains unclear whether that incident is related to the breach cited in the lawsuit.
