fbpx

Zoosk Data Breach

A wealth of personal information has been accessed by cybercriminals.
KP Law can help victims to claim compensation.

Get justice for the Zoosk data breach

In 2020, dating website and app Zoosk was the subject of a cyber-attack. The incident, which was carried out by hacking group ShinyHunters, resulted in the exfiltration of 30 million user records with approximately 85% of the platform’s community affected.

A wealth of information was stolen in the hack. And in the wrong hands, this could be used to carry out scams, financial fraud and identity theft. Following the breach, the data was listed on a popular cybercrime marketplace for $18,000 as part of a larger database.

The data breach was big news in the US, with users warned to change any accounts using the same password. Zoosk users were also advised to be wary of any unsolicited communications – especially those purporting to come from Zoosk – as cybercriminals routinely launch phishing and scam attempts using stolen data.

However, despite being a global dating service, which is available in over 80 countries, and which matches “singles all around the world,” Zoosk did not announce the data breach in the UK until later, and the breach did not get the same level of news coverage. 

KP Law is launching an action to help those involved in the Zoosk data security failure.  We strongly urge anyone who used Zoosk during or prior to January 2020, and who has been informed that their data was involved in this hack, to register with us and we will keep them updated as developments unfold.

IF YOU ARE AFFECTED BY THE ZOOSK DATA BREACH, CONTACT US TO MAKE A NO-WIN, NO-FEE COMPENSATION CLAIM.

Why claim Zoosk data breach compensation?

Hold the guilty party to account for failing to protect your private information.

Receive financial compensation for your loss.

Force organisations to implement better data security.

Those affected by the Zoosk cyber-attack could have a compensation claim

Those affected by the Zoosk data breach are at serious risk of phishing attacks, fraud, and financial losses. Especially as they were not immediately warned that their information was at the mercy of cybercriminals.

The information stolen in the hack included: names, dates of birth, gender, email addresses, family structure, drinking habits, education level, geographic locations, password information, income levels, nicknames, physical attributes, relationship statuses, and smoking habits. Further, data relating to religion, ethnicity, political views, and sexual orientation was also exfiltrated. No payment or credit card information was compromised.

Those affected by the incident could have a compensation claim.

REGISTER TO FIND OUT MORE ABOUT THE ZOOSK UK ACTION.

Talk to our expert data breach lawyers today on 0151 459 5850

Zoosk Data Breach Timeline

  • January 2020
    An unauthorised third party gained access to Zoosk data stored in a database hosted by a third party on or around 12 January 2020.
  • May 2020
    Zoosk was the subject of a cyber-attack in which 30 million user records were exfiltrated by hackers.
  • 11 May 2020
    Zoosk learned that an unknown third party claimed to have accessed certain member information.
  • 28 June 2020
    Zoosk members were notified about the data breach.
  • July 2020
    A US class action lawsuit was launched over the Zoosk data breach.

Latest News

WHAT IS A GROUP ACTION?

 

Find out more about making a group action claim for compensation.

WHAT DOES NO-WIN, NO-FEE MEAN?

 

What does no-win, no-fee actually mean and are there really no costs if you appoint us?

JOIN OUR NO-WIN, NO-FEE ZOOSK GROUP ACTION

Why use KP Law to make a claim?

We are one of the most experienced multi-claimant law firms in the UK.

We represent clients in group actions with innovation, resources, and expertise.

We work with expert barristers to ensure you get the very best level of legal support available.

We have all the resources and global expertise necessary to take on complicated cases and win.

We have offices in Chancery Lane London, Birmingham and Liverpool, and the technology to provide a nationwide service, so we can help clients across England & Wales.

We use technology to deliver a better legal experience to our clients.

We work on a no-win, no-fee basis.

We make the process straightforward and hassle-free.

A complete guide to the Zoosk data breach

Following the Zoosk data breach, KP Law launched a group action to help victims of this privacy violation claim compensation. Here’s a guide to the Zoosk data breach to help you find out if you have a claim, and what you need to do to secure justice for the violation of your data protection rights.  

How did the Zoosk data breach happen?

In May 2020, the dating website and app Zoosk was the subject of a cyber-attack. The incident, which was carried out by hacking group ShinyHunters, resulted in the exfiltration of 30 million user records.

Following the breach, the stolen data was listed for sale on a dark web cybercrime marketplace. If you used Zoosk during or prior to January 2020, you could be affected by this breach.

In its notification email to clients, Zoosk admitted that: “The database contained certain information you may have included in your online Zoosk profile, such as name, email address, date of birth, generalised demographical information, gender search preferences, and other profile information such as religious or political preferences. While not confirmed, passwords may also have been affected.”

While Zoosk was the victim of a cyber-attack, it controlled your personal information and had a duty to look after it. If poor security processes allowed the breach to happen, which we believe they did, Zoosk is responsible and must be held to account.

The difference between the breach in the US and UK

Reporting of the breach

The data breach was big news in the US, with users warned to change any accounts using the same password. Zoosk users were also advised to be wary of any unsolicited communications – especially those purporting to come from Zoosk – as cybercriminals routinely launch phishing and scam attempts using stolen data.

However, despite being a global dating service,  Zoosk did not announce the data breach in the UK until later, and the breach did not get the same level of news coverage. This delay and lack of publicity could have put UK users at additional risk of possible fraud and cyberattacks.

Class action

In July 2020, a US class action lawsuit was launched over the Zoosk data breach. California residents who had their personal information compromised alleged that Zoosk failed to adequately safeguard sensitive data and maintain proper measures to detect hacking and intrusion. They appealed to the Court to have their claims addressed in a class action lawsuit.

We are launching a similar action to help those involved in the Zoosk data security failure in England and Wales.  The US bid for class certification was rejected by a federal judge because Zoosk’s T&Cs contain a class action waiver. However, data privacy laws are different in the UK.

How has the Zoosk data breach impacted victims?

Those affected by the Zoosk data breach are at serious risk of phishing attacks, fraud, and financial losses. The majority of our clients in this case have also experienced some form of personal distress/stress.

Financial Losses and identity theft

A data breach can result in both financial and identity theft. With enough stolen information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts, use your cards to make payments, and access your existing accounts.

Phishing scams

Criminals use financial data in scams designed to extract additional information from victims (e.g., banking passwords). And hackers often sell stolen financial data to other criminals for future scams.

Emotional distress

Even if no money is lost, the impact of a financial data breach can be significant. Many victims suffer from stress, anxiety, and distress due to living with the added risk and the extra vigilance needed. Thankfully, over the last few years, people have been waking up to the reality of mental health, and there is a greater awareness of the lasting effects of psychological suffering and anguish. 

Romantic Scams

Because victims of the Zoosk data breach were users of a dating website/app, romance scammers could target them. To avoid becoming a victim of this type of cybercrime, if you are affected by the Zoosk hack, you should:

  • Never send money or gifts to a partner they have not met in person.
  • Never give anyone access to your bank account or card.
  • Do not accept friend requests from people you don’t know on social media.
  • Stop communicating with someone immediately if you suspect they are a scammer.
  • Reverse image search the person’s profile picture and look carefully at their online profiles. These might highlight if the image is linked to another name, or if any of the information they have told you about themselves doesn’t match up.
  • Be wary of anyone you have met online who declares strong feelings immediately, or after just a few conversations.
  • Be wary of anyone who claims that their camera isn’t working and/or who refuses to video call/meet you in person.
  • Be wary of any inconsistencies in their stories.

Help and support following the Zoosk data breach

Our data protection solicitors have listed some helpful links to ensure victims of the Zoosk data breach know where they can turn.

Victim Support

The leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents. 

The Samaritans

If you are struggling emotionally after a data breach, you can call the Samaritans free from any phone. 

Mind

Advice, information, onward referral, and holistic support to people experiencing mental ill-health and drug/alcohol difficulties (which could be exacerbated following the Zoosk hack). The service can also support people who have been a victim of crime. 

Action Fraud

Victims of online offences such as scams and financial/identity fraud following the Zoosk data hack should contact Action Fraud to report their loss. 

Get Safe Online

A source of unbiased, factual, and easy-to-understand information on online safety with guidance to protect you from fraud, identity theft and abuse. 

Take Five to Stop Fraud

Impartial advice to help everyone in the UK protect themselves against financial fraud. 

Choosing a Zoosk data breach solicitor

At KP Law, we understand that choosing a data breach solicitor can be daunting. How do you know if it is the right firm for you, and can you be sure that you will not have to pay any unforeseen costs? To make the process a little bit easier, here are some questions you should ask when choosing a Zoosk data breach lawyer. 

Is your firm a data breach expert?

When making a data breach case, you must appoint an expert in this type of law. Data breach and cybercrime are relatively new and evolving areas of law, so it can be difficult to find specialist lawyers. At KP Law, we have a dedicated team of data protection experts who have been at the forefront of data breach legal services for several years. Because we have been doing this for longer than most, we lead our field when it comes to understanding the complexities involved and we know what it takes to make a successful data breach claim.

Can I make a no-win, no-fee Zoosk claim?

Make sure to appoint a data breach firm that offers its services on a full no-win, no-fee basis. Because if you do not win, you won’t have to pay a penny. That includes not having to pay the other side’s costs. At KP Law, we take out insurance to protect our clients from any such legal costs.

How much will it cost me to make a Zoosk data breach compensation claim if I win?

In some cases, the ‘success fee’ charged can be much higher than you expect. At KP Law, our success fee is competitive and there are no hidden fees or admin charges.

Have you managed any successful data breach group actions?

Several UK legal firms have knowledge of multi-claimant litigation (group actions), but ask any you are considering if they have specifically managed data breach group actions. At KP Law, we are currently managing several significant data breach group actions. And we have secured settlements against big players such as British Airways and Ticketmaster. 

Do you have the resources to go the distance?

Large organisations are smarter and better resourced than ever before, and it is difficult for some law firms to stand up to such strength. At KP Law, we have the legal expertise and resources necessary to take on corporate giants with deep pockets. We support thousands of multi-claimant and group-action clients, and we can do the same for you.

What evidence do you need to join our Zoosk group action?

To join our action, all you need is notification from Zoosk informing you that you were involved in the breach. But, as well as confirmation that you were involved in the breach, we will also ask you for some other evidence to ensure we make the strongest possible claim on your behalf. 

Details of any phishing attacks or scams you have experienced that you believe are linked to the data breach

Many of our clients have seen a rise in attempted phishing scams since the Zoosk data hack. If you have experienced phishing, or other scam attempts, that you believe are linked to this data breach, please make a note of these, and keep any evidence. 

Details of any money lost because of the Zoosk data breach

If you have experienced any financial loss because of this data breach, please make a note of this and keep any evidence (e.g., bank statements, correspondence, etc.). Even if your financial data wasn’t breached, you could still have lost money if a phishing scammer has used your personal data against you.

Details of any mental health conditions caused or made worse because of the data breach

If you have experienced emotional distress because of this data breach, please make a note of this and keep any evidence (e.g. details about medical appointments/prescriptions that relate to this data breach). 

Details of any expenses or inconvenience incurred

Following a data breach, people often have to spend a significant amount of time on the phone with their bank and credit reference agencies. Sometimes, there are travel costs and medical expenses required. And it might be possible to add these to your claim. 

It is not unusual that – on reviewing a data breach impact form – we uncover information that allows us to increase the value of a claim significantly. What might seem irrelevant to you could make a massive difference in the eyes of the law. So please keep a hold of anything that might be useful. 

Your questions answered

See our answers to the FAQs we get asked about the Zoosk data breach.

An unauthorised third party gained access to Zoosk data stored in a database hosted by a third party on or around 12 January 2020.

In May 2020, dating website and app Zoosk was the subject of a cyber-attack. The incident, which was carried out by hacking group ShinyHunters, resulted in the exfiltration of 30 million user records. This data was then posted for sale on the dark web.

The information stolen in the hack included: names, dates of birth, gender, email addresses, family structure, drinking habits, education level, geographic locations, password information, income levels, nicknames, physical attributes, relationship statuses, and smoking habits. Further, data relating to religion, ethnicity, political views, and sexual orientation was also exfiltrated. No payment or credit card information was compromised.

If you used Zoosk during or prior to January 2020, you could be affected by this breach.

Anyone who thinks they might be involved should take immediate steps to protect themselves. 

KP Law is currently working closely with cyber security experts to find out exactly how this breach impacts users in the UK. If – as we suspect – these users are at risk, we will launch a group action claim in England & Wales. We strongly urge anyone who has received an email to notify them that their data was involved in the hack, to register with us and we will keep them updated as developments unfold. There are no costs to register and no obligation to proceed.

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant, or multi-party actions.

There are no costs to join a claim. However, if your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. Our success fee is competitive, and we make sure you are fully informed about any potential costs before you officially join our action. If you lose, you won’t have to pay a penny.

What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial loss

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.

Distress

GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.
 

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.

JOIN OUR NO-WIN, NO-FEE GROUP ACTION