StockX, a trading platform for fashion and sneakers, is facing a class action lawsuit after a data breach this past spring. TechCrunch reported the breach in May. StockX initially told its users to change passwords, but said that was due to “system updates”, not a phishing email it had fallen for. The hacker got access to more than 6.8 million customer accounts. The information including names, email addresses, and passwords was sold on the dark web at a price of $300 per user. The data also included the user’s device type and the software version. Under GDPR rules, a company can be fined up to four percent of its global annual revenue for violations. According to the federal district court filing seeking class status, “plaintiff and the class have been damaged in that plaintiff and the class spent time and will spend additional time in the future speaking with representatives, researching and monitoring accounts, researching and monitoring credit history, responding to identity theft incidents, purchasing identity protection, and suffering annoyance, interference, and inconvenience, as a result of the data breach.,” the filing reads.