Bumble Faces Lawsuit Over “Preventable” Data Breach

Bumble is the target of a new class-action lawsuit filed in Texas earlier this February, alleging that the company failed to adequately protect user data during a recent cyberattack attributed to the ransomware group ShinyHunters. Plaintiff Tyra Omirin claims the breach exposed over 30 GB of records, potentially including full names, Social Security numbers, and dating preferences, and describes the incident as “massive and preventable.”

According to the complaint, Bumble “intentionally, willfully, recklessly and/or negligently” neglected to implement reasonable security measures, such as proper encryption protocols – even for internal use – and failed to prevent unauthorized data disclosure. Omirin argues she would not have paid for a Bumble subscription had she known her personal information was not reasonably safeguarded. She seeks damages for lost time, inconvenience, anxiety, privacy loss, and increased risk of identity theft or fraud.

Bumble responded to the incident by stating its InfoSec team “quickly detected and eliminated the access,” contained the breach, engaged external cybersecurity experts, and notified law enforcement. The company emphasized that no member database, accounts, direct messages, or profiles were accessed. Match Group, parent of Tinder, Hinge, and OkCupid, was also impacted, with approximately 10 million records containing personally identifiable information (PII) compromised. Match Group noted that logins, financial data, and private messages were not exposed and said it would notify affected users if private data was involved.

Data breaches in dating apps carry unique emotional and financial consequences. Exposed information – addresses, routines, sexual preferences – can lead to identity theft, extortion, or targeted harassment. Omirin’s filing highlights long-term risks: “Once (personally identifying information) is stolen… damage to victims may continue for years.”

As AI-powered scams and deepfakes grow more sophisticated, the incident underscores the need for stronger, proactive defenses across the sector. While Bumble maintains robust safety tools (Private Detector, consent guides, scam education), the lawsuit questions whether such features sufficiently protect underlying user data, especially given that data breaches are often the result of very small or specific errors in a platform’s overall security structure (for example, easily-guessed admin passwords or improper data disposal).