JD.com to be sued for information leaks and online banking fraud

US-listed online store JD.com is suspected of leaking customers' details to scammers, and is consequently facing a potential lawsuit.

More than 100 customers in China are planning to file a collective lawsuit against NASDAQ-listed online store JD.com after being the victims of personal information leaks and the subsequent online banking fraud, according to a Chinese media report published on April 9.

An online chat group hosting around 150 people showed that all the victims shared the same history of being cheated by people impersonating JD.com's after-sales service staff who had access to their names, addresses, phone numbers, ID numbers, and the details of the online purchases the customers made.

According to Yu, who lost 40,000 yuan ($6,400), after winning the victims' trust, the scammer told them that their purchase had been unsuccessful, and that they had to follow certain steps to finish the refund and reorder process. After they clicked on the links provided by the scammer and entered their debit card information, the money was gone. Some lost as much as 228,000 yuan ($36,700).

Zhang Xinnian, a lawyer at a Beijing law firm, told local tabloid the Southern Metropolis that judging from the evidence such as phone recordings and screenshots, JD.com should bear civil liability for the damages. He also urged the business administrative and police authorities to begin the investigation as soon as possible.

"There are loopholes on JD's website which should have been fixed long ago, considering such scale of the personal information leaks," noted Zhang. "It is a possibility, however not a big one, that insiders are trading customers' information to criminals."

The report said that JD.com has 146 safety issues recorded -- four times more than its peers, according to WooYun.org, an online safety watchdog.

Another victim, Han, who set up the online group and has been leading the effort of seeking compensation, told the tabloid that up to this point, JD.com has only contacted and discussed "advanced payment" with those who lost comparatively less money in the fraud, and those who are more active in the group.

JD.com issued the following statement:

"Protecting our users' data is of the utmost importance to JD.com, and we never reveal any personal information about our users to third parties.

We have numerous sophisticated measures and technologies in place to protect user data, and to ensure that their JD.com shopping experience is as safe and enjoyable as possible. One simple but critical step we encourage our customers to take to protect their security is ensuring that they use strong passwords and do not use the same passwords across multiple sites.

We are aware that a small number of customers who used the same login information across other websites, including sites that may have lax security standards, were recently targeted by third party criminal groups impersonating JD.com customer service representatives.

We take this issue extremely seriously and we are working to resolve this problem, including assisting police investigations and working with our customers to ensure that their security is protected."