FabFitFun, a fashion and beauty subscription service, settled claims in the U.S. District Court for the Central District of California that it failed to adequately protect and secure consumer data, resulting in a data breach. The settlement amount is $625,000. In addition to the monetary settlement, FabFitFun agreed to implement security measures, including engaging a third-party cybersecurity forensic vendor to conduct a risk assessment, offering multi-factor authentication for customers to access their accounts, and hiring additional security and technical personnel to assist in building a more robust data privacy and security program for the company.

Plaintiff Cheryl Gaston sued FabFitFun in October 2020, alleging that the company failed to protect its customers’ data against hacker data scraping that compromised payment card information.

The settlement class includes 441,000 consumers; the deadline for individuals to opt out of the settlement was June 16, 2021. To date, the claims administrator has not received any objections and has received only five (5) opt-out requests.

Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island.