In May 2020, dating website and app Zoosk experienced a cyber-attack. Due to alleged failings in Zoosk’s systems, hackers managed to steal 30 million user records from Zook and post them for sale on the dark web.
Following the breach, victims in the US were outraged, and many joined a class-action lawsuit to claim compensation from Zoosk for failing to “safeguard users’ sensitive data and maintain necessary measures to detect the hack”. But, despite the outcry across the pond, UK users did not attempt to claim compensation from Zoosk.
This failure to seek redress is not because UK victims were not eligible, or because Zoosk had not violated their data rights, but because they did not know about the breach. Zoosk simply did not let them know that their data was at risk.
As a consumer champion law firm, we are addressing this wrong, and we have now launched a no-win, no-fee group action to help those in England & Wales affected by the Zoosk data breach claim compensation.
You can find out more about our Zoosk data breach action here.
We strongly urge anyone who used Zoosk during or before May 2020 to register to join our group action claim.
Furthermore, as victims of data breaches often become the target of cybercriminals, we also advise anyone who might be involved in this risk to take immediate steps to protect themselves.
Those affected by the Zoosk cyber-attack could be in danger
Those affected by the Zoosk data breach are at serious risk of phishing attacks, fraud, and financial losses, especially as Zoosk did not warn them that their information is at the mercy of cybercriminals.
The information stolen in the hack included: names, dates of birth, gender, email addresses, family structure, drinking habits, education level, geographic locations, password information, income levels, nicknames, physical attributes, relationship statuses, and smoking habits. The hackers also exfiltrated further data relating to religion, ethnicity, political views, and sexual orientation.
This is a significant amount of confidential data.
We believe that Zoosk left UK users vulnerable to the risk of possible fraud and cyberattacks for almost two years by not reporting this data security incident.
Protect yourself from further attacks
To protect yourself following the Zoosk data breach, we recommend that you:
- Closely monitor bills, bank accounts, and emails for unfamiliar transactions and purchases.
- Alert your bank or credit card provider immediately if there is any suspicious activity.
- Monitor your credit score for any unexpected dips.
- Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
- Never automatically click on any suspicious links or downloads in emails or texts.
- Don’t assume an email or phone call is authentic because someone has your details.
- Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
- Know that, even if you recognise a name or number, it might not be genuine.
- Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
- Never provide your full password, pin, or security code to anyone. If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
- Listen to your instincts and ask questions if something feels “off”.
- Refuse requests for personal or financial information and stop discussions if you are at all unsure.
- Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
- Be cautious of unsolicited communications that refer you to a web page asking for personal data.
- Review your online privacy settings.
- Report suspected fraud attempts to the police and Action Fraud.
- Change your passwords regularly and use a different password for every account (a password manager can help with this).
- Protect your devices with up-to-date internet security software.
Protect yourself from romantic scammers
Because victims of the Zoosk data breach were users of a dating website/app, romance scammers could target them. To avoid becoming a victim of this type of cybercrime, if you are affected by the Zoosk hack, you should:
- Never send money or gifts to a partner they have not met in person.
- Never give anyone access to your bank account or card.
- Do not accept friend requests on social media from people you don’t know.
- Stop communicating with someone immediately if you suspect they are a scammer.
- Reverse image search the person’s profile picture and look carefully at their online profiles. These might highlight if the image is linked to another name, or if any of the information they have told you about themselves doesn’t match up.
- Be wary of anyone you have met online who declares strong feelings immediately, or after just a few conversations.
- Be wary of anyone who claims that their camera isn’t working and/or who refuses to video call/meet you in person.
- Be wary of any inconsistencies in their stories.
