Samsung collected too much personal data from its customers and failed to adequately secure it, resulting in two data breaches this year and potentially millions of people harmed, according to a class action lawsuit filed in September.
The lawsuit, filed in the U.S. District Court for the Northern District of California, alleges that Samsung violated the California Consumer Privacy Act (CCPA) by failing to protect the personally identifiable information (PII) of California residents. The two lawsuit plaintiffs, on behalf of the class, question whether Samsung “has implemented and maintained reasonable security procedures and practices appropriate to the nature of the information to protect PII under the CCPA.”
The lawsuit also alleges violations of Michigan’s Identity Theft Protection Act for Samsung’s failure to timely disclose the second of two violations suffered this year.