In February of 2015, Lime Crime announced that it discovered an unauthorized installation of malicious software on the third party computer server hosting Lime Crime’s website which stored certain personally identifiable information (“PII”) of its customers (the “Incident”) and that the malware could have affected the information of customers that used their payment cards on Lime Crime’s website between October 4, 2014 and February 15, 2015. In February 2015, Lime Crime sent Incident Notices to potentially affected customers to notify them of the Incident and offer one year of complimentary identify protection and fraud resolution. The lawsuit claims that Lime Crime maintained inadequate data security practices and delayed notifying customers of the Incident. Defendant Lime Crime denies all of the allegations made in the Action.