A class action lawsuit has been filed against Bumble after a January 2026 phishing-based cyberattack allegedly compromised the personal information of users of the popular dating app. The complaint alleges Bumble failed to implement adequate security measures to prevent the breach. For class action updates, visit OpenClassActions.com.
What Happened?
In January 2026, Bumble Inc. experienced a cyberattack that enabled unauthorized access to user data. Reports indicate the breach was facilitated through a phishing attack targeting Bumble employees, which allowed the attackers to bypass security controls and access internal systems containing user information. The breach has been linked to the ShinyHunters hacking group, which has been responsible for numerous high-profile data breaches across the technology sector.
What Data Was Exposed?
While Bumble has not publicly disclosed the full scope of compromised data, the complaint alleges the following types of personally identifiable information may have been accessed:
- Full names and email addresses
- Phone numbers
- Date of birth
- Location data and IP addresses
- Profile information including photographs
- Payment-related information for premium subscribers
What Does the Lawsuit Claim?
The complaint, Omirin v. Bumble Inc., was filed on February 19, 2026 in the U.S. District Court for the Western District of Texas. The plaintiff alleges that Bumble failed to implement industry-standard security measures including adequate employee phishing awareness training, multi-factor authentication on sensitive internal systems, and proper data encryption. The lawsuit characterizes the breach as “massive and preventable.”
The lawsuit is particularly notable given the sensitive nature of dating app data. Compromised dating profiles can expose intimate personal details — including sexual orientation, relationship preferences, and private communications — that carry risks beyond traditional financial identity theft.
| Detail | Information |
| Case | Omirin v. Bumble Inc. |
| Court | U.S. District Court, Western District of Texas |
| Filed | February 19, 2026 |
| Breach Method | Phishing-based cyberattack |
| Firms | Cherry Johnson Siegmund James PC; Wilshire Law Firm, PLC |
| Status | Active litigation |
What Should Bumble Users Do?
If you have a Bumble account, change your password immediately if you haven’t already. Enable two-factor authentication on your account, and be alert for phishing emails or texts that reference your Bumble account. If you used the same password on other platforms, change those as well. Monitor your financial accounts if you were a paying Bumble subscriber.
This page is for informational purposes and does not constitute legal advice. Visit OpenClassActions.com for more class action news.
Related Data Breach Cases on OpenClassActions
- RINA $400,000 Data Breach Class Action Settlement
- Crunchyroll Faces Second Data Breach Lawsuit Within One Month
- Court Grants Final Approval to Google RTB Settlement Introducing New Privacy Controls
- How to File a Claim in the $26 Million Lakeview Loan Servicing Data Breach Deal
- Neiman Marcus $3.5 Million Customer Data Breach Class Action Settlement