Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Advanced Search Go
Free Newsletter Sign Up

Walmart Faces Data-Breach Suit Under California Privacy Law (1)

July 14, 2020, 5:49 PMUpdated: July 14, 2020, 8:44 PM

Walmart Inc. is accused in a proposed class action of violating California’s privacy law by failing to protect customer data from an alleged hack.

Customers face “significant injuries and damages,” such as having their data on the dark web, as a result of a breach the complaint says occurred, according to the suit filed in the U.S. District Court for the Northern District of California.

California’s privacy law, which took effect Jan. 1, increases the risk of payouts following security breaches because it added a private right to sue and statutory damages of up to $750 per customer, per incident.

Walmart joins dozens of companies sued under the law since it took effect. Others include Inc., Clearview AI Inc., Minted Inc., and Sunshine Behavioral Health Group LLC.

Hackers allegedly accessed Walmart’s website to obtain names, addresses, financial data, and other information, according to the July 10 complaint, which didn’t specify when such an incident occurred.

“The fact that Walmart’s systems are quite vulnerable to a hack evidences that Walmart was hacked,” the plaintiff, Lavarious Gardiner, wrote.

Plaintiffs in data breach cases must show harm to beat early challenges to their claims. Gardiner wrote that the breach forced him to incur out-of-pocket expenses and spend time and effort to limit identity theft risks, according to the complaint.

Causes of Action: Violation of the California Consumer Privacy Act; violation of the California Unfair Competition Law; negligence; breach of implied contract; and breach of contract

Relief: Compensatory damages; order requiring reasonable security practices; court costs; and attorneys’ fees

Potential Class Size: “At least in the thousands,” according to the complaint

Response: “Protecting our customers’ data is a top priority and something we take very seriously,” a Walmart representative said in an emailed statement. “We dispute the plaintiff’s allegations that the failure of our systems played any role in the public disclosure of his personally identifiable information.”

Walmart intends “to defend the company against the claims and will respond as appropriate with the court,” according to the statement.

Attorneys: Wilshire Law Firm represents Gardiner. Counsel for Walmart couldn’t be immediately identified.

The case is: Gardiner v. Walmart Inc., N.D. Cal., No. 20-cv-04618, complaint 7/10/20.

(Updates with Walmart comment, other CCPA cases)

To contact the reporter on this story: Daniel R. Stoller in Washington at

To contact the editors responsible for this story: John Hughes at; Keith Perine at