The Hanna 2019 Breach: Consumers get $38.00 for a breach of the “fullz.”
This case in a nutshell
This case is based on a web scraping/skimming data breach perpetrated against retailer Hanna Andersson (“Hanna.”) Hanna sells high-end children’s clothing and has extensive presence online at www.hannaandersson.com and, as of 2020, Hanna’s annual sales were estimated to be over $140 million.
Hanna used the Salesforce Commerce Cloud, which provides a cloud-based unified ecommerce platform ( platform as a service or “PaaS”), with mobile, AI personalization, order management capabilities, and related services for business to customer (“B2C”) and business to business (“B2B”) companies.
Practically speaking, the Salesforce’s platform was taking the key payment and shipment information affected by the breach directly from the customer. Because the platform was infected with malware, the hackers were able to exfiltrate personal, shipping, and payment information (including payment card number, CVV code, and expiration date.)
Hanna did not detect this breach on its own, nor did Salesforce notify Hanna about it. Law enforcement found the stolen shipping and payment information in the dark web and notified Hanna.
While class members would have the option under the settlement of claiming a…
