Albertsons Data Breach: Class Action Lawsuit at least $5m

A class action lawsuit has been filed in the state of Idaho against Albertsons Companies, Inc., alleging that the company failed to protect the personal information (PII) of its customers. The plaintiff, Maryelin Alberto, claims that Albertsons did not exercise due care in collecting, storing, and safeguarding consumer PII and failed to take commercially reasonable steps to protect it.

How did Albertsons Allegedly Fail to Protect Customer PII?

In this case, several laws related to data protection and privacy have been cited as allegedly being violated by Albertsons. These laws generally require companies like Albertsons to exercise due care when handling sensitive customer data such as PII and implement appropriate security measures to safeguard it from unauthorized access or disclosure.

Additionally, there may be other federal or state-specific regulations applicable in this case that mandate timely notification of affected individuals in case of a data breach. Failure to comply with these legal requirements could expose a company like Albertsons to liability for negligence or other causes of action brought by affected consumers.

What Are The Specific Allegations Against Albertsons?

The lawsuit makes several specific allegations against Albertsons related to its handling of customer PII. First and foremost is the claim that they owed a legal duty to their customers (the plaintiff and class members) to exercise due care in collecting, storing, and safeguarding their personal information.

The second allegation is that their security measures were not reasonable considering best practices recommended by data security experts. Thirdly, it is alleged that their failure to institute adequate protective security measures amounted to negligence on their part. Fourthly is an allegation regarding their failure to take commercially reasonable steps to safeguard consumer PII. Finally, the fifth count alleges that adherence to FTC data security recommendations and measures recommended by data security experts would have reasonably prevented the data breach.

Who Are The Class Members?

The class members are individuals whose personal information was compromised in the alleged data breach. All class members had their PII stored on Albertsons' computer systems and were unlawfully accessed in the same manner. The class is open to individuals in all states, with no specific criteria for membership other than having had their PII compromised as a result of the alleged breach.

It is important to note that while this lawsuit seeks relief on behalf of a large group of affected consumers, each individual's experience and potential damages may vary depending on factors such as the nature and extent of their personal information exposure or any resulting harm they may have suffered as a result.

What Damages Is The Plaintiff Seeking?

The plaintiff is seeking various forms of relief against Albertsons, including requiring them to implement and maintain a comprehensive Information Security Program designed to protect the confidentiality and integrity of customer PII. They are also requesting that Albertsons be prohibited from maintaining customer PII on cloud-based databases.

In addition to these non-monetary remedies, it can be assumed that if there is no specific dollar amount stated in the complaint, at least five million dollars in damages will be sought for the plaintiff and class members.

• Requiring Albertsons to engage independent third-party security auditors/penetration testers as well as internal security personnel for periodic testing
• Ordering Albertsons to promptly correct any problems or issues detected by such third-party security auditors
• Mandating automated security monitoring by independent third-party auditors and internal personnel
• Auditing, testing, and training their security personnel regarding new or modified procedures

What Could Be The Next Steps In The Case?

As this lawsuit is still in its early stages, there are several potential outcomes and next steps. It is possible that the case could proceed to discovery, where both sides gather evidence to support their claims and defenses. Alternatively, the parties may engage in settlement discussions to explore the possibility of resolving the dispute without going through a full trial process.

If the case does proceed to trial, it will be up to a judge or jury to determine whether Albertsons indeed violated any laws as alleged by the plaintiff and whether they should be held liable for any damages suffered by affected consumers. Regardless of how this case ultimately unfolds, it serves as a reminder of the importance of data protection and privacy practices for businesses handling sensitive customer information.