A new lawsuit has been filed against Gravy Analytics, a leading data broker, alleging that the company failed to secure its vast stores of personal data, including the locations of tens of millions of smartphones. The complaint claims that the data was stolen and is being used for identity theft. This is at least the fourth lawsuit against Gravy since January, when an unidentified hacker posted screenshots to a Russian cybercrime forum to support the claims.
Gravy Analytics confirmed that it suffered a data security breach in January 2025, which was discovered on January 4th. The company had previously been banned from selling sensitive location data by the Federal Trade Commission (FTC) in December 2024.
The lawsuit alleges violations of California’s Unfair Competition Law, as well as negligence, breach of implied contract, and unjust enrichment. Gravy Analytics denies collecting location data directly from apps but claims that it licenses commercially available data collected via smartphone apps from other data providers.
The FTC has taken action against several data brokers in recent years, including Kochava, X-Mode, InMarket, and Mobilewalla. It is unclear whether the agency will continue to prioritize privacy enforcement under the new administration.
Source: https://www.theregister.com/2025/02/06/gravy_analytics_data_breach_suit