Words with Friends Developer, Zynga, Sued Over User Data Breach, Law Firm FeganScott Announces

SAN FRANCISCO--(BUSINESS WIRE)--Zynga, developer of popular mobile games Words with Friends and Draw Something, is the target of a proposed class-action lawsuit filed by FeganScott on behalf of players affected by a data breach.

The suit claims the Zynga failed to alert users of a data breach, allowing personal data, including name, email address, Zynga ID and password, Facebook ID and password and, in some instances, financial information, to be used in fraudulent activity.

According to Elizabeth Fegan, managing member and founding partner of FeganScott, Zynga’s customer database was breached in September 2019 by a serial hacker who accessed more than 170 million customer accounts. After being alerted about the breach, Zynga never directly notified customers that their accounts were compromised.

“Zynga promised to protect its customers’ data with ‘reasonable security measures,’” Fegan said. “However, when users’ personal data was compromised, Zynga did nothing to contact those who were affected by the breach. Now millions of customers are facing the very real threat of identity theft and fraud for years to come—simply because they trusted Zynga would sufficiently protect their information.”

Significantly, a substantial portion of Zynga’s user base is made up of minors. Fegan noted that children’s personal information is particularly attractive to identity thieves, because minors do not check their credit reports, meaning thieves may not get caught for years or even decades.

The lawsuit claims Zynga used SHA-1, or Secure Hash Algorithm 1 encryption, which was banned by the federal government as early as 2010. The 41-page complaint notes that Zynga knew about its vulnerabilities as early as 2012, and still failed to implement adequate security measures. The stolen personal information includes names, email addresses, login IDs, passwords, password reset tokens, phone numbers, Facebook IDs and Zynga account IDs, collectively making up the tenth largest breach of all time.

Filed in U.S. District Court for the Northern District of California, San Francisco Division, the suit seeks to represent all Zynga customers who were affected by the September 2019 data breach. Plaintiffs Joseph Martinez and Daniel Pietro lead the suit, and if approved, the complaint will cover all users defined by the class.

“Technology companies have a duty to protect their users’ personal information, and in its failure to do so, Zynga left consumers vulnerable to a staggering number of fraud attempts and phishing scams,” Fegan said. “For customers, this breach isn’t just about the threat of monetary losses—identity theft can take an emotional toll, and we want to make sure that companies are held responsible for their laissez-faire attitudes when it comes to protecting consumer data.”

Consumers who are interested in learning more about this class action suit are urged to send their contact information to zynga@feganscott.com.

About FeganScott

FeganScott is a national class-action law firm dedicated to helping victims of consumer fraud, sexual abuse, and discrimination. The firm is championed by acclaimed veteran, class-action attorneys who have successfully recovered $1 billion for victims nationwide. FeganScott is committed to pursuing successful outcomes with integrity and excellence while holding the responsible parties accountable. To sign up for case updates, email zynga@feganscott.com.

Case: Case 3:20-cv-02612