A woman has targeted Facebook and the makers of online game app Uiggy with a class action, accusing them of allowing hackers to obtain her personal information and that of more than 4 million other Uiggy users in a data breach.
Sylwia Komorska filed a complaint Nov. 14 in Cook County Circuit Court against Facebook and Uiggy, which was the target of a June 2016 data hack, according to the complaint. Komorska said Uiggy’s lax security procedures gave hackers access to names, email addresses, genders, website activity and other Facebook connections for more than 4.3 million Uiggy users. She also said the company failed to implement a reasonable breach notification process.
According to the complaint, hackers not only accessed the users’ data but also released it to public domain. Further, “Uiggy’s inadequate technical and administrative cybersecurity protocols resulted in unreasonable delay in detecting the data hack for several months, thereby greatly aggravating the damages incurred.”
Uiggy is a Facebook-embedded online word game, trivia and personality quiz application that launched Dec. 29, 2015. According to the complaint, Facebook users had to supply personal information to be allowed to use Uiggy.
Komorska said she didn’t even learn of the breach until October 2018. She said Uiggy should’ve been aware of the risks of capturing and storing sensitive data, as well as the consequences of exposing such information to unauthorized third parties. Instead, she alleged, the company failed to “implement a reasonable cybersecurity protocol that included adequate technical, administrative and physical controls. …”
“Uiggy lets its customers languish in ignorance as to the real risk of irreversible privacy harms,” Komorska continued, saying she might have used the service differently — or not at all — had she known the risk, accusing the company of trying to save money by skimping on costs of compliance with reasonable data security standards. Since learning of the breach, the complaint added, she “has taken time and effort to mitigate her risk of identity theft, including monitoring her credit and financial accounts.”
In addition to a jury trial, Komorska seeks certification of a class of all Uiggy users during the data breach, as well as an Illinois subclass. Formal allegations include a violation of the Illinois Consumer Fraud and Deceptive Business Practices Act, breach of contract and negligence.
Komorska seeks actual, statutory, compensatory and punitive damages and wants the court to force Facebook and Uiggy to provide fraud monitoring and mitigation services, as well as to compel them “to implement commercially reasonable security measures to properly guard against any and all future cyber attacks and to provide prompt, reasonable notification in the event of such an attack.”
Representing Konorska, and putative class attorneys, are lawyers from the Chicago firm McGuire Law P.C.