PupBox Faces Investigation for Data Breach Impacting More Than 30,000 Customers
Schubert Jonckheer & Kolbe LLP is investigating a recent data breach affecting the payment card information of more than 30,000 customers of PupBox, Inc., a subsidiary of Petco Health and Wellness Company, Inc. (NASDAQ: WOOF).
On October 2, 2020, PupBox announced that its website, PupBox.com, where dog owners can subscribe to receive monthly shipments of food, treats, and merchandise, was the target of a months-long data breach affecting more than 30,000 of its subscribers. The breach resulted from an unauthorized website plug-in that potentially exposed subscribers’ names, addresses, email addresses, passwords, credit card numbers, credit card expiration dates, and credit card CVV codes. According to the company, fraudulent activity may have already occurred on credit cards used on the PupBox website during the relevant period.
The Schubert Firm is investigating the conduct and cybersecurity practices of PupBox and Petco in relation to the breach. Of particular concern, the malicious plug-in was active on the PupBox website for nearly six months between February 11 and August 9, 2020. Furthermore, the company waited at least a month to notify victims after learning the full extent of the breach.
If you are a PupBox customer and wish to obtain additional information about your legal rights—or would like to participate in the class action lawsuit—please complete the form below for a free legal consultation.
