In 2020, dating website and app Zoosk was the subject of a cyber-attack. The incident, which was carried out by hacking group ShinyHunters, resulted in the exfiltration of 30 million user records with approximately 85% of the platform’s community affected.
A wealth of information was stolen in the hack. And in the wrong hands, this could be used to carry out scams, financial fraud and identity theft. Following the breach, the data was listed on a popular cybercrime marketplace for $18,000 as part of a larger database.
The data breach was big news in the US, with users warned to change any accounts using the same password. Zoosk users were also advised to be wary of any unsolicited communications – especially those purporting to come from Zoosk – as cybercriminals routinely launch phishing and scam attempts using stolen data.
However, despite being a global dating service, which is available in over 80 countries, and which matches “singles all around the world,” Zoosk did not announce the data breach in the UK until later, and the breach did not get the same level of news coverage.
KP Law is launching an action to help those involved in the Zoosk data security failure. We strongly urge anyone who used Zoosk during or prior to January 2020, and who has been informed that their data was involved in this hack, to register with us and we will keep them updated as developments unfold.
IF YOU ARE AFFECTED BY THE ZOOSK DATA BREACH, CONTACT US TO MAKE A NO-WIN, NO-FEE COMPENSATION CLAIM.
Those affected by the Zoosk data breach are at serious risk of phishing attacks, fraud, and financial losses. Especially as they were not immediately warned that their information was at the mercy of cybercriminals.
The information stolen in the hack included: names, dates of birth, gender, email addresses, family structure, drinking habits, education level, geographic locations, password information, income levels, nicknames, physical attributes, relationship statuses, and smoking habits. Further, data relating to religion, ethnicity, political views, and sexual orientation was also exfiltrated. No payment or credit card information was compromised.
Those affected by the incident could have a compensation claim.
REGISTER TO FIND OUT MORE ABOUT THE ZOOSK UK ACTION.
Following the breach, the private and personal data of millions of Zoosk users was put up for sale on the dark web. In the wrong hands, this information could be used to carry out scams, financial fraud, romance fraud, and identity theft.
As victims of data breaches often become the target of cybercriminals, we advise anyone who might be involved in this risk to take immediate steps to protect themselves.
Find out more about making a group action claim for compensation.
What does no-win, no-fee actually mean and are there really no costs if you appoint us?
We are one of the most experienced multi-claimant law firms in the UK.
We represent clients in group actions with innovation, resources, and expertise.
We work with expert barristers to ensure you get the very best level of legal support available.
We have all the resources and global expertise necessary to take on complicated cases and win.
We have offices in Chancery Lane London, Birmingham and Liverpool, and the technology to provide a nationwide service, so we can help clients across England & Wales.
We use technology to deliver a better legal experience to our clients.
We work on a no-win, no-fee basis.
We make the process straightforward and hassle-free.
Following the Zoosk data breach, KP Law launched a group action to help victims of this privacy violation claim compensation. Here’s a guide to the Zoosk data breach to help you find out if you have a claim, and what you need to do to secure justice for the violation of your data protection rights.
In May 2020, the dating website and app Zoosk was the subject of a cyber-attack. The incident, which was carried out by hacking group ShinyHunters, resulted in the exfiltration of 30 million user records.
Following the breach, the stolen data was listed for sale on a dark web cybercrime marketplace. If you used Zoosk during or prior to January 2020, you could be affected by this breach.
In its notification email to clients, Zoosk admitted that: “The database contained certain information you may have included in your online Zoosk profile, such as name, email address, date of birth, generalised demographical information, gender search preferences, and other profile information such as religious or political preferences. While not confirmed, passwords may also have been affected.”
While Zoosk was the victim of a cyber-attack, it controlled your personal information and had a duty to look after it. If poor security processes allowed the breach to happen, which we believe they did, Zoosk is responsible and must be held to account.
The data breach was big news in the US, with users warned to change any accounts using the same password. Zoosk users were also advised to be wary of any unsolicited communications – especially those purporting to come from Zoosk – as cybercriminals routinely launch phishing and scam attempts using stolen data.
However, despite being a global dating service, Zoosk did not announce the data breach in the UK until later, and the breach did not get the same level of news coverage. This delay and lack of publicity could have put UK users at additional risk of possible fraud and cyberattacks.
In July 2020, a US class action lawsuit was launched over the Zoosk data breach. California residents who had their personal information compromised alleged that Zoosk failed to adequately safeguard sensitive data and maintain proper measures to detect hacking and intrusion. They appealed to the Court to have their claims addressed in a class action lawsuit.
We are launching a similar action to help those involved in the Zoosk data security failure in England and Wales. The US bid for class certification was rejected by a federal judge because Zoosk’s T&Cs contain a class action waiver. However, data privacy laws are different in the UK.
Those affected by the Zoosk data breach are at serious risk of phishing attacks, fraud, and financial losses. The majority of our clients in this case have also experienced some form of personal distress/stress.
A data breach can result in both financial and identity theft. With enough stolen information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts, use your cards to make payments, and access your existing accounts.
Criminals use financial data in scams designed to extract additional information from victims (e.g., banking passwords). And hackers often sell stolen financial data to other criminals for future scams.
Even if no money is lost, the impact of a financial data breach can be significant. Many victims suffer from stress, anxiety, and distress due to living with the added risk and the extra vigilance needed. Thankfully, over the last few years, people have been waking up to the reality of mental health, and there is a greater awareness of the lasting effects of psychological suffering and anguish.
Because victims of the Zoosk data breach were users of a dating website/app, romance scammers could target them. To avoid becoming a victim of this type of cybercrime, if you are affected by the Zoosk hack, you should:
Our data protection solicitors have listed some helpful links to ensure victims of the Zoosk data breach know where they can turn.
The leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents.
If you are struggling emotionally after a data breach, you can call the Samaritans free from any phone.
Advice, information, onward referral, and holistic support to people experiencing mental ill-health and drug/alcohol difficulties (which could be exacerbated following the Zoosk hack). The service can also support people who have been a victim of crime.
Victims of online offences such as scams and financial/identity fraud following the Zoosk data hack should contact Action Fraud to report their loss.
A source of unbiased, factual, and easy-to-understand information on online safety with guidance to protect you from fraud, identity theft and abuse.
Impartial advice to help everyone in the UK protect themselves against financial fraud.
At KP Law, we understand that choosing a data breach solicitor can be daunting. How do you know if it is the right firm for you, and can you be sure that you will not have to pay any unforeseen costs? To make the process a little bit easier, here are some questions you should ask when choosing a Zoosk data breach lawyer.
When making a data breach case, you must appoint an expert in this type of law. Data breach and cybercrime are relatively new and evolving areas of law, so it can be difficult to find specialist lawyers. At KP Law, we have a dedicated team of data protection experts who have been at the forefront of data breach legal services for several years. Because we have been doing this for longer than most, we lead our field when it comes to understanding the complexities involved and we know what it takes to make a successful data breach claim.
Make sure to appoint a data breach firm that offers its services on a full no-win, no-fee basis. Because if you do not win, you won’t have to pay a penny. That includes not having to pay the other side’s costs. At KP Law, we take out insurance to protect our clients from any such legal costs.
In some cases, the ‘success fee’ charged can be much higher than you expect. At KP Law, our success fee is competitive and there are no hidden fees or admin charges.
Several UK legal firms have knowledge of multi-claimant litigation (group actions), but ask any you are considering if they have specifically managed data breach group actions. At KP Law, we are currently managing several significant data breach group actions. And we have secured settlements against big players such as British Airways and Ticketmaster.
Large organisations are smarter and better resourced than ever before, and it is difficult for some law firms to stand up to such strength. At KP Law, we have the legal expertise and resources necessary to take on corporate giants with deep pockets. We support thousands of multi-claimant and group-action clients, and we can do the same for you.
To join our action, all you need is notification from Zoosk informing you that you were involved in the breach. But, as well as confirmation that you were involved in the breach, we will also ask you for some other evidence to ensure we make the strongest possible claim on your behalf.
Many of our clients have seen a rise in attempted phishing scams since the Zoosk data hack. If you have experienced phishing, or other scam attempts, that you believe are linked to this data breach, please make a note of these, and keep any evidence.
If you have experienced any financial loss because of this data breach, please make a note of this and keep any evidence (e.g., bank statements, correspondence, etc.). Even if your financial data wasn’t breached, you could still have lost money if a phishing scammer has used your personal data against you.
If you have experienced emotional distress because of this data breach, please make a note of this and keep any evidence (e.g. details about medical appointments/prescriptions that relate to this data breach).
Following a data breach, people often have to spend a significant amount of time on the phone with their bank and credit reference agencies. Sometimes, there are travel costs and medical expenses required. And it might be possible to add these to your claim.
It is not unusual that – on reviewing a data breach impact form – we uncover information that allows us to increase the value of a claim significantly. What might seem irrelevant to you could make a massive difference in the eyes of the law. So please keep a hold of anything that might be useful.
See our answers to the FAQs we get asked about the Zoosk data breach.
An unauthorised third party gained access to Zoosk data stored in a database hosted by a third party on or around 12 January 2020.
In May 2020, dating website and app Zoosk was the subject of a cyber-attack. The incident, which was carried out by hacking group ShinyHunters, resulted in the exfiltration of 30 million user records. This data was then posted for sale on the dark web.
The information stolen in the hack included: names, dates of birth, gender, email addresses, family structure, drinking habits, education level, geographic locations, password information, income levels, nicknames, physical attributes, relationship statuses, and smoking habits. Further, data relating to religion, ethnicity, political views, and sexual orientation was also exfiltrated. No payment or credit card information was compromised.
If you used Zoosk during or prior to January 2020, you could be affected by this breach.
Anyone who thinks they might be involved should take immediate steps to protect themselves.
KP Law is currently working closely with cyber security experts to find out exactly how this breach impacts users in the UK. If – as we suspect – these users are at risk, we will launch a group action claim in England & Wales. We strongly urge anyone who has received an email to notify them that their data was involved in the hack, to register with us and we will keep them updated as developments unfold. There are no costs to register and no obligation to proceed.
A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant, or multi-party actions.
There are no costs to join a claim. However, if your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. Our success fee is competitive, and we make sure you are fully informed about any potential costs before you officially join our action. If you lose, you won’t have to pay a penny.
While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:
With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.
GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.
KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.
KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.
