Hot Topic Data Breach Puts 57 Million Customers at Risk of Identity Theft Featured
A class action lawsuit alleges that Hot Topic failed to properly secure and safeguard the sensitive personal and financial information of its customers and loyalty account members during an October 2024 data breach.
The new class action claims that Hot Topic and fellow retailer Torrid Inc., were entrusted with sensitive personal identifying information (PII) of their customers and loyalty awards members with the understanding they would protect this information against disclosure.
The lawsuit argues that the breach was “foreseeable and preventable,” with both companies allegedly negligent in their duty to safeguard sensitive data according to industry and federal regulated standards.
What Happened?
The breach was traced back to a password-stealing malware infection on a third-party vendor’s system, allowing hackers access to Hot Topics Snowflake Cloud account. This account, used for data storage, lacked multi-factor authentication (MFA), making it vulnerable to intrusion.
What Information was Stolen During the Breach?
According to HIBP, the exposed details include full names, email addresses, dates of birth, phone numbers, physical addresses, purchase history, and partial credit card data for Hot Topic, Box Lunch, and Torrid customers.
A hacker known as “Satanic” claimed responsibility, offering the stolen data for sale on dark web forums, with initial prices of $20,000, later reduced to $4,000.
What is Hot Topic and Torrid Inc. Doing to Protect my Identity?
Hot Topic and Torrid have not been forthcoming about the breach despite it occurring in October 2024. Noteworthy is that Hot Topic also experienced a credential-stuffing attack in late 2023, raising concerns about its overall cyber security strategy. The repeated breaches have left many questioning its commitment to customer privacy.
Customers were notified through third-party services like Have I Been Pwned, but critics argue that the company’s direct response has been insufficient. Transparency and timely communication are essential during incidents of this magnitude.
The firm has set up a site that allows Hot Topic customers to check if their email address or phone number is exposed in the data leak.
What Can Hackers Do With My Information?
Stolen PII can be used to commit identity theft, open new credit accounts, make unauthorized purchases or obtain loans. Cybercriminals have recently targeted America’s essential industries and in so doing have forced millions of Americans to face the fallout from these attacks.
Leaked or stolen data can be sold on the dark web forums and may be used for fraud and medical identity theft, a type of fraud, where threat actors use stolen information to submit forged claims to insurers.
Clients affected by the breach are exposed to a heightened and imminent risk of fraud and identity theft. They must now and in the future closely monitor their financial accounts to guard against identity theft and fraud.
If you were notified that your information may be at risk as a result of the Hot Topic / Torrid Inc. data breach, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.
Protect Your Identity. Join the Hot Topic / Torrid Inc. Data Breach Class Action.
The lawsuit alleges that defendants Hot Topic and Torrid Inc. breached their duties under common law and the Federal Trade Commission Act to implement reasonable security measures, comply with industry standards and federal data-security regulations, encrypt sensitive data, and provide adequate and timely notice of the breach.
If you receive a notification letter or are a customer or loyalty program member of Hot Topic, Torrid Inc., you are at permanent risk of identity theft and the devastating financial and legal consequences that go along with it.
You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.
The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach that occurred at Hot Topic / Torrid Inc on October 19, 2024.
Please complete the form shown on this page and a data breach attorney will contact you. There is no cost to you.