Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Fitness Depot and Northern Lights Fitness Products Inc. are facing a proposed class action lawsuit after an alleged data breach exposed the personal and private information of consumers who purchased items through www.fitnessdepot.ca.
Lead plaintiff, P. Garito of Ontario, says that he and others received notice that their payment information may have been skimmed by hackers. The plaintiff says that the defendants claimed these hackers were able to access such information because Fitness Depot and Northern Lights’ internet service provider (ISP) had failed to activate anti-virus software. However, the data breach class action lawsuit alleges that the defendants failed to take proper steps to safeguard their own information.
“These class proceedings concern a large privacy breach has impacted thousands of Canadian consumers who have had their sensitive Personal and Private Information compromised and placed into the hands of criminals,” contends the complaint.
The plaintiff says he purchased fitness equipment through the Fitness Depot website for in-store pickup on May 4, 2020. Fitness Depot is registered in Cornwall, Ontario, along with the other defendant, Northern Lights Fitness Products, says the data breach class action lawsuit. They both market and sell fitness equipment in Canada through the Fitness Depot website.
According to the Fitness Depot data breach class action lawsuit, Fitness Depot has 40 stores across Canada and two in the United States. It describes itself as “the largest retailer of specialty exercise equipment in Canada, with the guaranteed lowest prices in North America.”
Despite the breach of their sensitive and financial information, the plaintiff says that he and other proposed Class Members were not offered any credit monitoring or identity theft protection services by the companies.
“The Defendants failed to take proper steps to safeguard their own customers’ Personal and Private Information, a duty they are legally obligated to do, and in violation of their own express promises to Class Members,” alleges the proposed Fitness Depot data breach class action lawsuit.
According to a press release issued by the lawyers representing the plaintiff, the Fitness Depot data breach affected those who purchased fitness products online for home delivery between Feb. 18, 2020 and May 22, 2020, as well as those who purchased products through the website for home or in-store pickup between Feb. 28, 2020 and May 22, 2020. The data accessed in the breach may include names, addresses, email addresses, phone numbers, credit card numbers, and potentially other information.
The Fitness Depot data breach class action lawsuit alleges the hackers may have been able to access Fitness Depot’s online store through a “magecart attack.”
“’Magecart Attack’ means the form of data skimming whereby the attackers implant malicious code into e-commerce websites that enable them to capture sensitive information from online payment forms on checkout pages, such as email addresses, passwords, and credit card numbers,” explains the Fitness Depot data breach class action lawsuit.
The data breach class action lawsuit says that for hackers to successfully use a magecart attack to access consumer information, they must have three things: access to the e-commerce website, the ability to skim information from a form, and to send that information back to their server. The plaintiff contends that Fitness Depot’s website failed to protect consumer privacy and gave hackers just the tools they needed to perpetrate the attack.
According to the Fitness Depot data breach class action lawsuit, by failing to appropriately protect consumers’ sensitive information, Fitness Depot violated a number of Canada’s laws, including the Personal and Private Information Protection and Electronic Documents Act, Digital Privacy Act, and Freedom of Information and Protection of Privacy Act. In addition, the company allegedly violated provincial laws enacted to protect consumers’ digital privacy.
“To make matters worse, even after the delayed discovery (it took over 3 months for the Defendants to uncover the breach) and the delayed disclosure (it took the Defendants approximately 2 weeks to inform the public) of the Data Breach, the Defendants have shown little remorse and have attempted to shift the blame for their own failings to their Internet Service Provider and have left their customers on their own to deal with the security fallout, by giving no assistance to them (such as offering them a free Credit Monitoring and Identity Theft Protection Service),” asserts the data breach class action lawsuit.
The Fitness Depot data breach class action lawsuit seeks to represent those in Canada whose personal and private information was accessed in the data breach by hackers.
The plaintiff is seeking punitive, exemplary, and/or aggravated damages, as well as a court order declaring that Fitness Depot violated various information protection laws.
Were you impacted by the Fitness Depot data breach? Tell us what happened in the comment section below!
The lead plaintiff and proposed Class Members are represented by Jeff Orenstein and Andrea Grass of Consumer Law Group PC.
The Fitness Depot Data Breach Class Action Lawsuit is Garito v. Fitness Depot Inc., et al., Case No. CV-20-00083728-00CP, in the Ontario Superior Court of Justice, Canada.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.