Lulus.com Hit with Class Action over Customer Doxing Claims

In the bustling world of online fashion retail, Lulu's Fashion Lounge, LLC, a Delaware entity doing business as Lulus.com, is now facing a class-action lawsuit. The suit, filed on September 27, 2023, alleges that the fashion retailer has been breaching its users' privacy rights in a rather alarming manner.

The plaintiff, Miguel Esparza, alleges that Lulus.com has been using surveillance tools on its website to identify and 'dox' anonymous visitors. The term 'dox' refers to the public disclosure of private or identifying information about an individual without their consent. Esparza further alleges that the company has been enabling third parties to wiretap and eavesdrop on conversations conducted through the website's chat feature. According to the lawsuit, "Defendant's conduct includes de-anonymizing internet users and collecting personal information without consent." This alleged conduct violates the rights to privacy and online anonymity, which are increasingly recognized as fundamental rights in the digital age.

The complaint further alleges that Lulus.com's chat feature is secretly monitored, intercepted, and recorded without informing visitors. According to the plaintiff, this is a clear violation of the California Invasion of Privacy Act (Cal. Penal Code § 631(a) and § 632.7), which prohibits the interception or recording of confidential communications without the consent of all parties involved.

Moreover, the lawsuit alleges that the company's actions violate the California Unauthorized Access to Computer Data Act (Cal. Penal Code § 502). This law is designed to protect individuals from unauthorized access to their computer data and systems and carries both civil and criminal penalties. The plaintiff also claims that Lulus.com's actions violate the privacy protections enshrined in the California Constitution, Article I, § 1. This provision guarantees the right to privacy, which the plaintiff alleges has been grossly violated by the company's alleged conduct.

The lawsuit seeks injunctive relief, statutory damages, actual damages, and punitive damages. Injunctive relief would require the company to stop its alleged practices, while statutory damages are fixed amounts the law provides for in response to specific violations. Actual damages would compensate the plaintiff and class members for any harm they have suffered due to the alleged conduct, and punitive damages would punish the company and deter similar behavior in the future.

Esparza's lawsuit represents all persons within the United States who visited Lulus.com and were allegedly exposed to the company's wrongful conduct. This class-action suit aims to hold the company accountable for its alleged violations of privacy rights, unauthorized access to computer data, and constitutional rights.

The lawsuit paints a picture of a company that allegedly took advantage of its users' trust for its gain. It tells a story of alleged invasion of privacy, de-anonymization, and unauthorized surveillance. It is a reminder of the importance of privacy rights in the digital age and the need for companies to respect them.