Nuna Baby Essentials Data Breach: Cybersecurity Investigation
Updated: Apr 7
Nuna Baby Essentials reported a potential information security incident after finding malicious code on its website present between March 26, 2020 and April 7, 2021.
Notice Date: January 21, 2022
Information Potentially Compromised:
• Credit or debit card numbers
• Expiration date
• CCV/CVV code
• Billing address
• Shipping address
Credit Monitoring Offered? Yes, Nuna is offering one year of free membership in Experian’s
Enrollment Deadline Listed in Notice – April 30, 2022
To view the Nuna Data Breach Notice click here.
California Laws That Protect Data Breach Victims
California residents who received a Nuna Baby Essentials Data Breach Notice may be entitled to between $100 and $750 or their actual damages, whichever is greater. ¹
The California Customer Records Act (CCRA) requires businesses to put into place and maintain reasonable security procedures and practices that protect a consumer’s personal information. More comprehensively, the California Consumer Privacy Act (CCPA) contains many protections for the personal information of California residents.
For example, if credit card numbers, names and other types of personal information are disclosed, stolen, or hacked because a business didn’t fulfill its obligation to create and keep reasonable security, affected California residents can sue to protect their rights under the CCPA and CCRA.
Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again) and anything else a court concludes is necessary to compensate data breach victims and prevent these harms from occurring again.
A team of experienced attorneys is currently investigating whether Nuna Baby Essentials
violated its obligation to maintain reasonable security procedures and practices to protect its customers’ personal information. To contact someone on our team, click here.
I hear about data breaches all the time, is there any point in trying to do something about it?
Yes. Seemingly innocuous personal information, like your zip code, gender and hobbies, can be combined with other data compiled by data brokers or other public information to identify you. A mere 3 credit card purchases (showing the date, location & price) have been shown to be enough to reveal all of a consumer’s purchases from a data set of 1.1 million people with over 90% accuracy.² Compromised data also increases the risk of hacking, phishing, and increased anxiety over future losses and identity theft.
How do I know if my identity has been stolen?
Signs that your identity may have been stolen include: o you see unfamiliar charges on your credit or debit cards o you have bank account withdrawals that you can’t account for o you are getting medical bills for services you didn’t get o you are getting called by debt collectors for debts that aren’t yours o shops won’t take your personal checks o you stop getting bills that you usually get in the mail o you get a notice from that IRS that (1) there is more than one tax return filed in your name or (2) you have income you failed to report and don’t recognize³ o your email address or phone number come up on http://haveibeenpwned.com/ as part of a data breach
What steps can I take to safeguard my data from cyber-thieves?
Nuna suggests in its Data Breach Notice that you should: (a) Review your credit reports (b) Review your account statements (c) Remain vigilant and respond to suspicious activity (d) Consider placing a "fraud alert" with one of the three nationwide credit bureaus (e) Be aware that you have the right to place a “security freeze” on your credit report⁴
What Is The Difference Between A “Credit Freeze” and A “Fraud Alert”?
A credit freeze the strongest step you can take to prevent fraudulent accounts being opened under your name. A credit freeze prevents a credit bureau from sharing your information with others. You can put a credit freeze in place with each of the three major credit bureaus by using the following links: Equifax, Experian, and Transunion. If you put on a credit freeze, no one will be able to open new credit accounts in your name. You can still use your active credit cards with a freeze in place. It costs nothing to put a credit freeze in place, lasts indefinitely, and will not affect your credit score. However, if your credit card information has been compromised, a credit freeze will not prevent a cyber-thief from making purchases with your stolen card. Cancelling the card and getting a new card with a different number is the only way to stop such transactions from taking place. You can also place a fraud alert on all of your credit reports. Fraud alerts are free and are a flag for potential credit providers that you may have been a victim of identity theft. They allow you to apply for new credit cards and other forms of credit without having to unfreeze your account. Fraud alerts can last one to seven years, and can be lifted by you at any time. Once you put a fraud alert in place at one credit bureau, it will alert the other two for you.You can put a fraud alert in place with any of the three major credit bureaus by using the following links: Equifax, Experian, and Transunion.
If my credit/debit card number was stolen, do I need to get a new card?
That is definitely something to consider doing ASAP. While there are laws that may eliminate or reduce your liability for fraudulent charges made on stolen cards, these laws often have time limits. For example, under the Fair Credit Billing Act, you only have 60 days to dispute an unauthorized charge on your credit card.
If you follow the correct procedures (the FTC has outlined them here) within 60 days of you billing date, and only your credit card number was stolen (not the card itself), you aren’t liable for any of the fraudulent charges. Liability limits are different for physical credit cards and ATM/Debit cards. For a summary of these limits please click on the following link.
What do I do if I think I am the victim of identity theft?
The Federal Trade Commission has created a website to guide you through the process of reporting identity theft and creating an action plan. That link can be found here.
The California Attorney General’s Office has also put together an Identity Theft Victim Checklist to help identity theft victims clear up their records.⁵
We Can Help You Exercise Your Rights
Every case is unique. Even when your data has been part of a breach, you may not necessarily be awarded compensation. Experienced data breach class action attorneys can help you exercise your rights and evaluate your options and decide whether you are entitled to compensation under the CCPA. There are no out of pocket costs to you, as we only get paid if we prevail.
For more information on your legal options, please contact us using the form found here
Links on this website are not intended to be referrals to or endorsements of the linked entities or imply any relationship to the linked site or its operator.
¹ California Civil Code § 1798.150 ² Source: De Montjoye, Yves-Alexandre, et al. "Unique in the shopping mall: On the reidentifiability of credit card metadata." Science 347.6221 (2015): 536-539. ³ https://www.consumer.ftc.gov/blog/2022/02/how-tell-if-someone-using-your-identity ⁴ Nuna Baby Data Breach Notice ⁵ https://oag.ca.gov/idtheft/facts/victim-checklist