A 34-page class action was filed against Blackhawk Network for a data breach that occurred on MyPrepaidCenter.com in September of this year. The plaintiffs allege that Blackhawk Network’s failure to prevent or detect this incident was “particularly egregious” since it operates a website where consumers can activate and manage prepaid gift cards, which requires collection of lots of sensitive and high-risk data.

The incident involved unencrypted and unredacted names, email addresses, telephone numbers, and payment card data (such as card numbers, expiration dates, and CVV codes). The complaint states that Blackhawk had “blocked” the impacted prepaid cards, but did not address the data involved in the breach.

The plaintiffs further allege that as a result of this incident and Blackhawk’s failure to prevent or detect the incident, MyPrepaidCenter.com users have and will incur “real and imminent harm” such as unauthorized credit card charges, theft of their personal information, loss of use and access to financial accounts, loss of time, and future risks related to the unauthorized access to their data by cybercriminals.

This incident comes shortly after Blackhawk Network announced a similar breach in August 2020, when it detected suspicious activity on GiftCards.com. The action identifies the class as all users who were impacted by the September 2022 breach, including all individuals who received notification from Blackhawk.