StockX, a sneaker trading platform, is facing a lawsuit over a data breach that resulted in more than 6.8 million customer records being exposed.

Filed on Monday in U.S District Court, the lawsuit is on behalf of a minor from Kansas and other minors whose personal data “was accessed, acquired, stolen and re-sold by hackers for the express purpose of misusing plaintiff’s data and causing further irreparable harm to plaintiff’s personal, financial, reputational and future well-being.”

An unknown third party was able to gain access to StockX customer records and then sold it on the dark web.

The lawsuit states that StockX was slow in informing users about the hack that had occurred months earlier. The stolen information included names, email addresses, hashed passwords, all of which are “highly valued amongst cyber thieves and criminals on the Dark Web.”

According to the lawsuit the plaintiff and the class would never have provided their personal information to StockX if it had “disclosed that it lacked adequate security measures and data security practices, as was revealed by the media reports.”

StockX had sent password reset emails, with a message attributing the reset to a system update, instead of revealing the truth.

“Plaintiff and the class have been damaged in that plaintiff and the class spent time and will spend additional time in the future speaking with representatives, researching and monitoring accounts, researching and monitoring credit history, responding to identity theft incidents, purchasing identity protection, and suffering annoyance, interference, and inconvenience, as a result of the data breach.”

The suit seeks damages and a jury trial.

Article originally published on PrivSec:Report

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.