Weeks ago, the hacker group ShinyHunters claimed to breach the likes of Panera Bread, Match Group, and the dating app Bumble. Now, a Texas woman is suing Bumble, claiming that the app failed to protect her and other users' personal information.
The complaint states that in January, ShinyHunters infiltrated Bumble's "inadequately protected network servers and accessed highly sensitive PII [personal identifiable information] which was being kept unprotected." In this case, PII could include full names, birth dates, addresses, home and cell phone numbers, Social Security numbers, and account numbers.
ShinyHunters claimed it stole 30GB of Bumble data, according to Cybernews. A Bumble spokesperson told Cybernews at the time, "Our InfoSec team quickly detected and eliminated the access, and the incident is contained. We have engaged external cybersecurity experts to investigate and have notified law enforcement. Importantly, there was no access to our member database, member accounts, the Bumble application, or member direct messages or profiles."
The suit, filed on Feb. 19 in the Western District of Texas (Bumble is headquarted in Austin), alleges that Bumble "disregarded the rights of" plaintiff Tyra Omirin and proposed class members by "intentionally, willfully, recklessly and/or negligently failing to take and implement adequate and reasonable measures to ensure that [their] PII was safeguarded, failing to take available steps to prevent an unauthorized disclosure of data, and failing to follow applicable, required and appropriate protocols, policies and procedures regarding the encryption of data, even for internal use."
As a result, the suit states, their personal data was compromised. Omirin had to spend time verifying the data breach, monitoring her credit and personal accounts, exploring identity theft insurance, and seeking legal counsel. Omirin paid Bumble under the belief that the app would protect her personal information, and the complaint states that she wouldn't have if she had known Bumble wouldn't "reasonably and adequately protect" this data.
She has "suffered lost time, annoyance, interference and inconvenience as a result of the Data Breach and has anxiety and increased concerns for the loss of privacy, as well as anxiety over the impact of cybercriminals accessing, using and selling" her information, the suit states.
In addition to damages, Omirin is seeking relief requiring Bumble to protect all data, including by encrypting it, to delete her and class members' data unless Bumble can provide a "reasonable justification" for retaining it, to require third-party security audits, and to establish an information security program.
Mashable has reached out to Bumble for comment.