Zoosk User Waived Right to Class Action in Data Breach Lawsuit

Zoosk customers have lost their bid for class certification in their data breach suit. A federal judge in San Francisco found that the lead plaintiff agreed to terms of use that waived her right to represent a class.

Juan Flores-Mendez and Tracy Greenamyer sued the online dating site following a massive breach in January 2020 in which a group called the “ShinyHunters” stole data from 30 million Zoosk users. Zoosk waited 22 days to notify its users of the breach, according to the complaint.

Zoosk argued that Greenamyer, who moved to be the sole representative of the proposed class, waived her rights to represent the class by signing the company’s terms of use, which contained a class action waiver.

Judge William Alsup of the US District Court for the Northern District of California rejected Greenamyer’s argument that Zoosk effectively waived enforcement of its class action waiver by never raising the issue over nearly two years of litigation. Zoosk raised this defense in February 2021, Alsup said.

In 2020, a group of Zoosk users filed a lawsuit against the dating platform and Spark Networks in response to a massive data breach earlier in the year.

It was discovered in May 2020 that the private information of 30 million Zoosk members, approximately 85% of its entire community, was up for sale on the dark web. A hacker group known as ‘ShinyHunters’ stole almost 200 million records from at least 13 companies.

The plaintiffs accused Zoosk of violating California’s Consumer Privacy Act and Unfair Competition Law. They are demanding a jury trial.

ShinyHunters was allegedly selling Apple ID usernames and passwords for an average price of $15.39, but were also listing some records for as much as $500.

Spark Networks sent email notifications to all the users that were affected by the breach. However, Flores-Mendez and Collins are claiming that they were not notified within reasonable time and are now living with the threat of credit card fraud and identity theft.

They also believe that the dating platform did not “maintain reasonable security controls” and was actually aware that it was susceptible to an attack of this scale.

Zoosk admitted that it did not learn of the breach until the news was publicly reported.