In January 2019, Epic Games, which developed and operates Fortnite – a popular battle-royale style video game – publicly acknowledged that it had suffered a data breach. The privacy violation meant that Fortnite users’ Personally Identifiable Information (PII) was subject to a security breach. PII describes any information about a person that could be used to identify them, either on its own or in combination with other data.
In this case, usernames, passwords, email addresses, and the credit and debit details of 50,000 users were compromised in the data breach. Worryingly, it does not appear as if everyone affected has been notified.
The Fortnite data breach was a result of poor security measures
The Fortnite data breach stemmed from its single sign-on (SSO) setup, which allowed users to log into multiple services via an account such as Cas Epic Games, Xbox, or Google. Once logged into this third-party account, users could then access their Fortnite account via a digital token.
However, hackers managed to manipulate this vulnerability and purchase in-game Fortnite currency without the permission of the account holders. Hackers also used this information to steal player accounts. Some of these stolen accounts, once loaded up with in-game currency purchased fraudulently, were sold on the dark web.
Because Epic Games failed to maintain adequate security measures, many Fortnite users were put at risk of fraud and theft. And the failure to inform these users about the security breach in a timely manner meant they were left unprotected for longer than was necessary. This is a clear breach of trust and data protection laws.
As a result of the Fortnite data breach, many people lost out financially as their credit or debit card information was linked to their hacked Fortnite account.
Can you make a Fortnite data breach claim?
Fortnite is played by approximately 80 million people each month, and there are around 350 million registered users across computer, console, and mobile platforms. So, this is an incredibly significant data breach.
However, in June 2019, Epic Games attempted to avoid having to pay out at court by introducing an Individual Arbitration and Class Action Waiver. This waiver saw users agree to resolve all disputes with Epic Games via arbitration rather than formal litigation. However, these terms do not apply to a complaint or remedy under the EU General Data Protection Regulation (GDPR). So, put simply, Fortnite users in the EU can still go to court to claim compensation from Epic Games.
How can Keller Lenkner UK help?
At Keller Lenkner UK, we can help Fortnite users living in England & Wales who have suffered because of the data breach claim what they are due. We are doing this via a group action.
A group action allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position. This increases their chances of settlement or success in litigation.
If you would like to find out more about making a Fortnite data breach claim, contact our expert lawyers today.