Logan Aldridge, a customer of PurFoods LLC, also known as Mom's Meals, has filed a lawsuit against the company in the United States District Court for the Southern District of Iowa. The suit, lodged on September 13, 2023, alleges that PurFoods failed to adequately secure and safeguard its network, leading to a data breach that affected over 1.2 million individuals.
Aldridge's complaint paints a picture of a company that failed to protect its customers' sensitive information from a data breach and then delayed notifying those affected for over seven months. According to the lawsuit, the investigation into the breach concluded on July 10, 2023. Even then, Aldridge alleges, PurFoods failed to disclose the exact nature of the unauthorized access to and disclosure of the Private Information.
"PurFoods failed to implement and maintain reasonable security measures, resulting in the unauthorized access and disclosure of Private Information," according to the lawsuit. This alleged negligence forms the crux of Aldridge's case, which also includes claims of breach of implied contract and unjust enrichment, breach of confidence, bailment, and breach of implied covenant of good faith and fair dealing.
The plaintiff argues that PurFoods' failure to protect its customers' data constitutes a breach of its duty to implement and maintain reasonable security measures. They claim this violates Section 5 of the Federal Trade Commission (FTC) Act, which prohibits unfair or deceptive acts or practices in or affecting commerce. The lawsuit also alleges that PurFoods attempted to suppress information related to the data breach by using "noindex" code on its breach notice webpage, a move that could potentially hinder search engines from indexing the page.
Aldridge's lawsuit seeks to represent a nationwide class of all individuals whose private information was accessed during the data breach. The plaintiff and the proposed class seek various damages, including declaratory relief, injunctive relief, monetary damages, statutory damages, punitive damages, equitable relief, and all other relief authorized by law.
The lawsuit is another vivid picture of the harm caused to plaintiffs impacted by data breaches. Aldridge claims that the data breach has resulted in financial losses, emotional distress, and an ongoing risk of identity theft. The plaintiff alleges that the stolen Private Information, known as "Fullz," is highly valuable on the black market and can be used for various fraudulent activities, including identity theft.
In the wake of the alleged data breach, Aldridge and others have had to bear the cost of credit monitoring and identity theft protection services. The lawsuit quotes Aldridge as saying, "The risk of identity theft to the plaintiff and class members is present and ongoing, requiring them to spend time and effort to mitigate the potential fraud and identity theft."
The lawsuit against PurFoods is a stark reminder of the potential consequences of failing to protect customer data adequately. As the case unfolds, it serves as a cautionary tale for businesses about the importance of robust data security measures and the potential legal and reputational fallout of failing to safeguard customer information.