A 34-page class action was filed against Blackhawk Network for a data breach that occurred on MyPrepaidCenter.com in September of this year. The plaintiffs allege that Blackhawk Network’s failure to prevent or detect this incident was “particularly egregious” since it operates a website where consumers can activate and manage prepaid gift cards, which requires collection of lots of sensitive and high-risk data.

The incident involved unencrypted and unredacted names, email addresses, telephone numbers, and payment card data (such as card numbers, expiration dates, and CVV codes). The complaint states that Blackhawk had “blocked” the impacted prepaid cards, but did not address the data involved in the breach.

The plaintiffs further allege that as a result of this incident and Blackhawk’s failure to prevent or detect the incident, MyPrepaidCenter.com users have and will incur “real and imminent harm” such as unauthorized credit card charges, theft of their personal information, loss of use and access to financial accounts, loss of time, and future risks related to the unauthorized access to their data by cybercriminals.

This incident comes shortly after Blackhawk Network announced a similar breach in August 2020, when it detected suspicious activity on GiftCards.com. The action identifies the class as all users who were impacted by the September 2022 breach, including all individuals who received notification from Blackhawk.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.