On Thursday, Engage BDR, LLC and Kenneth Kwan filed a lawsuit in the Central District of California against “US Internet Domain Registrar and Web Hosting Company” GoDaddy and anonymous individuals associated with it, for the unauthorized transfer the domain name of the complainants following a data breach.
According to the complaint, in July 2009, Kwan, “on behalf of Engage, purchased the domain name ‘hahajk.com’ through the defendant for a period of five years.” In 2014 and 2019, Kwan renewed the domain name with GoDaddy for a period of two and five years, respectively. The plaintiffs claimed that around October 19, 2019, GoDaddy “suffered a security breach that affected approximately 28,000 customer hosting accounts, including Mr. Kwan’s account in which he purchased and owned the name of. domain”. The plaintiffs argued that this security breach lasted about six months “before being detected by the defendant’s security team on April 23, 2020”.
Engage claimed that “on or around December 2019, GoDaddy transferred the domain name of Mr. Kwan’s account to a third party without their authorization or approval.” The plaintiffs added that the anonymous defendants violated or hacked GoDaddy’s system “entered Mr. Kwan’s account and transferred several domain names under that account, including, but not limited to, the name of domain “.
The complainants alleged that GoDaddy, as registrar of the domain name, was obligated to “provide adequate security for Mr. Kwan’s hosting account and the domain name”; “Provide adequate security mechanisms to protect the Domain Name from unauthorized transfer to a third party”; “Contact Mr. Kwan for authorization to transfer the Domain Name to a third party”; “Contact Mr. Kwan to verify any request to transfer the Domain Name to a third party”; “Adequately warn Mr. Kwan of the possibility of an unauthorized transfer of the Domain Name to a third party”; and “otherwise exercise due diligence with respect to the matters alleged in this complaint”. However, the complainants argued that GoDaddy failed to meet these obligations, which resulted in the unauthorized transfer of the domain name. As a result, the Complainants asserted that their “economic relations with their various partners with regard to the use of the Domain Name have been and continue to be disrupted”.
The charges against the defendants include negligence, negligent interference with potential economic benefit, unfair and fraudulent business practices and breach of the implied commitment of good faith and fair dealing.
The plaintiffs seek compensation for damages, pre- and post-judgment interest, injunction and restitution. The plaintiffs are represented by the law firm Thad M. Scroggins.