In May 2020, dating website and app Zoosk was the subject of a cyber-attack. The incident, which was carried out by hacking group ShinyHunters, resulted in the exfiltration of 30 million user records. This data was then posted for sale on the dark web.
The information stolen in the hack included: names, dates of birth, gender, email addresses, family structure, drinking habits, education level, geographic locations, password information, income levels, nicknames, physical attributes, relationship statuses, and smoking habits. Further, data relating to religion, ethnicity, political views, and sexual orientation was also exfiltrated. No payment or credit card information was compromised.
The data breach was big news in the US, with users warned to change any accounts using the same password. Zoosk users were also advised to be wary of any unsolicited communications – especially those purporting to come from Zoosk – as cybercriminals routinely launch phishing and scam attempts using stolen data.
However, despite being a global dating service that matches “singles all around the world,” Zoosk has not announced the data breach in the UK, so many people could have had their data stolen, and not know it.
KP Law is investigating this breach
In July 2020, a US class action lawsuit was launched over the Zoosk data breach[1]. The plaintiffs in this case allege that Zoosk failed to adequately safeguard sensitive data and maintain proper measures to detect hacking and intrusion. It is alleged that Zoosk did not learn that its customer records were stolen until the hack was publicly reported, and that it “should have had breach detection protocols in place. If it had, it could have learned of the breach and alerted customers much sooner.”
At KP Law, we believe that by not reporting this data security incident in the UK, Zoosk has put users here in similar danger from possible fraud and cyberattacks. Worse, these users have been vulnerable for almost two years.
As such, we would advise all UK users of Zoosk to take adequate steps to protect themselves.
Join our Zoosk data breach action
KP Law is currently working closely with cyber security experts to find out exactly how this breach impacts users in the UK. If – as we suspect – these users are at risk, we will launch a group action claim in England & Wales.
We strongly urge anyone who used Zoosk during or prior to May 2020 to register with us and we will keep them updated as developments unfold. There are no costs to register and no obligation to proceed.
[1] Flores-Mendez et al. v. Zoosk, Inc. et al.