Casper may want its customers to get a good night’s rest on its mattresses, but no matter how comfortable these beds might be, Casper’s alleged practice of illegally collecting customer data may make it hard to sleep soundly. The bed in a box company is now facing a federal lawsuit that accuses it and software company NaviStone of collecting information from visitors to the Casper website to try to determine their identities.
The lawsuit, which is seeking to be granted class-action status, claims that New Yorker Brady Cohen visited casper.com “several times over the past six months while he was shopping for a new mattress,” as CBS reported. But what Cohen (and most customers) didn’t realize was that Casper utilized NaviStone’s technology to figure out Cohen’s personally identifiable information (PII), such as his name and postal address, all without his explicit consent. The lawsuit alleges that Casper can keep tabs on a user’s keystrokes, mouse clicks, and more, helping the company obtain detailed data on user habits.
As the filing asserts, “…when connecting to a website that runs this remote code from NaviStone, a visitor’s IP address and other PII is sent to NaviStone in real-time. This real-time interception and transmission of visitors’ electronic communications begins as soon as the visitor loads casper.com into their web browser.” It continues, “The intercepted communications include, among other things, information typed on forms located on casper.com, regardless of whether the user completes the form or clicks ‘Submit.’”
Casper, for its part, has denied the charges, branding them as nothing but a “blatant attempt to cash in on and extort a successful, high-growth startup.” And for its part, NaviStone also seems surprised by the lawsuit. The company readily admits on its site that it allows clients to reach “previously unidentifiable website visitors,” but that it still complies with privacy laws.