A class-action lawsuit has been filed against Crimson Wine Group, the Napa-based wine company, over a significant data breach that compromised the personal information of its customers.
The lawsuit, filed on December 23, 2024, in the U.S. District Court for the Northern District of California, alleges that Crimson Wine Group was negligent in protecting consumer data, exposing at least 26,000 individuals to the risks of identity theft and other personal harms.
A Hacking Incident Exposes Sensitive Data
According to the complaint, Joanne Kaplan, an Illinois resident and Crimson Wine customer, claims that the company failed to safeguard her personal information, which was exposed as a result of a hacking incident.
The breach occurred between June 26 and June 30, 2024, when Crimson Wine Group’s systems were compromised. The company reported the breach to Texas and Vermont attorney generals on December 13, after detecting unusual activity on June 30.
The data compromised in the breach included sensitive personal details such as Social Security numbers, driver’s license numbers, dates of birth, and financial and medical information. The lawsuit contends that the delay in notifying affected individuals left them unaware of the breach for nearly six months, leaving them vulnerable to financial and social harm.
Delayed Response and Continued Risk
The lawsuit claims that because Crimson Wine Group failed to act promptly, affected customers were left in the dark about the potential consequences for nearly half a year.
Kaplan, along with other victims of the breach, faces the ongoing risk of identity theft, fraud, and other cybercrimes that may persist for the remainder of their lives.
Kaplan’s efforts to mitigate the damage included spending hours researching the breach, reviewing her financial accounts, and looking into the credit monitoring services offered by Crimson Wine.
However, the lawsuit states that the company’s offer of only one year of credit monitoring was insufficient, as customers may need to pay for additional services, including credit monitoring fees, credit reports, and credit freezes, to protect themselves.
Allegations of Negligence and Unfair Practices
The lawsuit alleges that Crimson Wine Group, as a national company with access to millions of customers’ personal data, should have taken more proactive measures to protect its information from cyber threats.
The complaint claims that the company’s failure to adequately safeguard its systems constitutes negligence and a breach of duty to its customers.
In addition to negligence, the lawsuit includes allegations of invasion of privacy, unjust enrichment, and fraud. Kaplan and other affected customers are seeking compensation for the financial losses, time spent managing the fallout, and the emotional distress caused by the breach.
The Impact on the Wine Industry
Crimson Wine Group, known for its portfolio of wineries in Napa Valley, Sonoma County, and other renowned regions, is a significant player in the wine industry, with brands including Pine Ridge Vineyards, Seghesio Family Vineyards, and Archery Summit.
The company’s failure to protect its customers’ sensitive data highlights growing concerns in the wine and spirits industry regarding cybersecurity and data privacy.
As the lawsuit progresses, many are watching closely to see what impact this case will have on data protection practices within the industry and the broader implications for consumer trust.
