Best Buy Customer Data Privacy Lawsuit, Were You Affected? Moon v. Best Buy Co., Inc., No. 0:26-cv-02381
Best Buy Co., Inc. is facing a class action lawsuit — Moon v. Best Buy Co., Inc., No. 0:26-cv-02381 — filed April 27, 2026 in the U.S. District Court for the District of Minnesota, alleging the retail giant sold customers’ personally identifiable information (PII) to third-party advertisers without their knowledge or consent. The plaintiff is Corlis Moon, a Virginia resident who bought products at a Best Buy store in Manassas, Virginia. If you have ever shopped at Best Buy — in a store, online, or through its app — this case may directly affect you.
Best Buy Customer Data Privacy Lawsuit — Key Facts
| Field | Detail |
| Lawsuit Filed | April 27, 2026 |
| Defendant | Best Buy Co., Inc. |
| Alleged Harm | Selling customers’ PII to advertisers without notice or consent |
| Specific Law Alleged | Virginia Personal Information Privacy Act (VPIPA), Va. Code Ann. §§ 59.1-442; unjust enrichment |
| Who Is Affected | Best Buy customers whose purchase history, name, email, address, or phone number was shared with LiveRamp |
| Court & Case Number | U.S. District Court, District of Minnesota — No. 0:26-cv-02381-JMB-DJF |
| Current Court Stage | Proposed class action — early litigation stage |
| Lead Plaintiff Deadline | TBD — not yet set by the court |
| Settlement Status | No settlement reached |
| Law Firms Involved | Cuneo Gilbert Flannery & LaDuca, LLP (Robert K. Shelquist) |
| Last Updated | May 30, 2026 |
Who Is Best Buy and Why Are They Facing a Customer Data Privacy Lawsuit?
Best Buy Co., Inc. is the largest specialty consumer electronics retailer in the United States, serving over 200 million customers a year. The company is incorporated in Delaware and headquartered in Richfield, Minnesota, and operates stores across the country — including at least 32 locations in Virginia alone. The lawsuit matters to everyday shoppers because it targets something most people do not think about: what happens to your personal information after you walk out the door.
What Did Best Buy Do With Shoppers’ Personal Information?
In addition to traditional retail services, Best Buy maintains a retail media network called “Best Buy Ads.” Brands that pay to join this network can advertise directly to Best Buy shoppers across the company’s website, social media channels, and in stores — and can purchase valuable first-party customer data collected by Best Buy.
To help advertisers reach customers more precisely, Best Buy Ads uses a data clean room (DCR) operated by a company called LiveRamp. The customer data Best Buy sold and shared with the LiveRamp DCR includes customers’ names and other identifiers, email addresses, mailing addresses, phone numbers, and purchase histories.
Here is what that means in plain English: every time you bought something at Best Buy, the store built a profile on you. That profile — your contact details, your shopping habits, what you bought and when — was then packaged and sold to other brands so they could target you with ads. The lawsuit says customers were never properly told this was happening.
The complaint also notes that the Federal Trade Commission has warned that data clean rooms such as LiveRamp do not automatically prevent the impermissible disclosure of consumer information, and still risk violating consumer privacy rights. The FTC has publicly described data clean rooms as sometimes amounting to little more than “privacy washing” — a label that makes the data sharing sound safer than it actually is.
Best Buy profits from the unauthorized sale and disclosure of customers’ purchasing patterns and other personal information, the suit alleges, doing so at the expense of customers’ statutory privacy rights.
To understand how this type of case fits into a broader pattern of retailers monetizing customer data, you can read our coverage of the General Motors OnStar data privacy settlement, where GM was accused of selling driving data to insurers without driver knowledge. A nearly identical legal theory runs through both cases. You may also find it useful to review our coverage of the Lenovo data privacy class action lawsuit, which similarly alleges unauthorized customer data transfers to third-party advertising networks.
How Best Buy Allegedly Violated Virginia’s Personal Information Privacy Act (VPIPA)
The legal filing specifically highlights violations of the Virginia Personal Information Privacy Act (VPIPA). This law is designed to give everyday people more control over how corporations use their digital footprints. Under VPIPA, companies are generally required to provide clear notice and obtain consent before selling personal data to third parties.
The lawsuit claims Best Buy failed on both fronts, allegedly keeping customers in the dark about how their information was being monetized. By bypassing these legal requirements, the company reportedly prioritized advertising revenue over the statutory privacy rights of its customers.
Are You Part of the Best Buy Customer Data Privacy Class Action?
This is the most important question. Here is exactly how to know if this lawsuit includes you.
You may be included if:
- You purchased products at any Best Buy retail store, on the Best Buy website, or through the Best Buy mobile app during the period when the data-sharing practices described in the complaint were active
- Your name, email address, mailing address, phone number, or purchase history was among the customer data shared with LiveRamp
- You were never given clear notice that Best Buy was selling your personal information to advertisers, and you never consented to it
You likely do not qualify if:
- You have never shopped at Best Buy in any form — in store, online, or through its app
- You provided express written consent to Best Buy to share your data with third-party advertising partners
Best Buy Shoppers Outside Minnesota — Are You Still Covered?
Yes. The case was filed in federal court in the District of Minnesota, where Best Buy is headquartered, but the proposed class includes customers nationally. Your state of residence does not exclude you. Whether you shopped in Virginia, California, Texas, or anywhere else in the United States, you may fall within the proposed class if your data was shared through the Best Buy Ads and LiveRamp system.
If you are unsure whether you qualify for the Best Buy data privacy lawsuit, a free consultation with a data privacy attorney can help you assess your situation before any deadlines are set by the court.
What Are Best Buy Shoppers Asking the Court to Award in the 2026 Data Privacy Lawsuit?
The complaint seeks compensation for the unauthorized sale of customers’ PII. It asserts claims under the Virginia Personal Information Privacy Act and a separate claim for unjust enrichment — meaning the lawsuit argues Best Buy was unjustly enriched by profiting from customer data it had no right to sell.
No specific dollar amount is confirmed in the complaint. No money is available yet, and no claim form exists at this stage of litigation.
What Could Best Buy Customers Receive If the 2026 Data Privacy Case Settles?
It is impossible to predict a payout amount right now. If the case settles, how much individual class members receive will depend on the total number of claimants, the strength of the evidence, and what the parties negotiate. Privacy cases involving personal data sales have settled for varying amounts in the past, but no figure should be assumed here.
If you have questions about your potential recovery, speaking with a data privacy attorney is the best step you can take at this stage.
What Should Best Buy Customers Do Right Now?
Most class members are automatically included in a class action once it is certified — you do not need to file anything immediately to protect your spot.
- Save any Best Buy purchase records. This includes receipts, order confirmation emails, account order history, and any loyalty or rewards program communications. These documents establish that you were a Best Buy customer during the relevant period.
- Do not delete your Best Buy account or order history. Courts often look at purchase records during the damages phase.
- Document the harm you experienced. If you noticed unusually targeted advertising from brands you had no direct relationship with after shopping at Best Buy, note when it happened and which brands were involved.
- Monitor the docket. This case is filed as No. 0:26-cv-02381-JMB-DJF in the U.S. District Court for the District of Minnesota. As the case develops, court filings will become available through PACER.
- Watch for a lead plaintiff deadline. The court has not yet set one, but if you had a significant volume of purchases at Best Buy and want to be considered for a lead plaintiff role, consult an attorney promptly.
- Consider an individual claim. If you believe your losses are substantial and specific, a data privacy attorney can advise you on whether pursuing an individual claim makes more sense than remaining in the class.
Best Buy Customer Data Privacy Lawsuit — Timeline
| Milestone | Date |
| Complaint filed in Hennepin County, Minnesota state court | March 27, 2026 |
| Case removed to U.S. District Court, District of Minnesota | April 27, 2026 |
| Best Buy Ads / LiveRamp data-sharing practices alleged to have begun | TBD — not specified in complaint |
| Best Buy’s response to the complaint due | TBD — pending court schedule |
| Class certification hearing | TBD — pending court schedule |
| Expected resolution | TBD — early litigation stage |
Best Buy Customer Data Privacy Lawsuit — Frequently Asked Questions, No. 0:26-cv-02381
Is there a class action lawsuit against Best Buy for selling customer data right now?
Yes. A class action complaint — Moon v. Best Buy Co., Inc., No. 0:26-cv-02381-JMB-DJF — was filed in April 2026 in the U.S. District Court for the District of Minnesota. The lawsuit is in its early stages and no settlement has been reached.
Do I need to do anything right now to be included in the Best Buy data privacy class action?
Not immediately. Most class members are automatically included once the court certifies the class. The most useful thing you can do right now is save your Best Buy purchase records and monitor the case docket for updates on deadlines.
When will the Best Buy data privacy case settle?
There is no way to know at this point. The case was filed in April 2026 and is in very early litigation. Privacy class actions typically take one to three years to resolve, depending on whether Best Buy contests the claims and how long discovery takes.
Can I file my own separate lawsuit against Best Buy for selling my personal data instead of joining the class?
Yes, you have that option. But it comes with tradeoffs. Individual lawsuits are more expensive and time-consuming. Most affected customers are better served by the class action unless they have unusually large, documentable individual damages. Talk to a data privacy attorney before making this decision.
How will I find out if the Best Buy lawsuit settles?
If a settlement is reached, the court will require Best Buy to notify class members — typically by email or mail to the address on file with the retailer. You can also monitor the PACER docket under case No. 0:26-cv-02381-JMB-DJF.
What specific law does Best Buy allegedly violate in the 2026 data privacy lawsuit?
The complaint alleges Best Buy violated Virginia’s Personal Information Privacy Act, Va. Code Ann. §§ 59.1-442, by selling customers’ personally identifiable information to third parties without providing proper notice. The complaint also asserts a claim for unjust enrichment under common law.
How much could Best Buy customers receive from a future data privacy settlement?
No money is available yet and no settlement has been proposed. If the case does settle, payouts will depend on the total fund negotiated, attorney fees, and how many people file claims. Privacy cases of this type have varied widely in individual recoveries. A data privacy attorney can help you understand the realistic range based on your specific situation.
Is it true that the FTC warned about data clean rooms like the one Best Buy used?
Yes. The complaint specifically cites a Federal Trade Commission warning that data clean rooms such as LiveRamp do not automatically prevent the impermissible disclosure of consumer information and can still lead to privacy law violations. The FTC’s position strengthens the plaintiffs’ argument that Best Buy could not simply rely on LiveRamp’s “privacy-safe” marketing claims as a legal defense.
Sources Used in This Best Buy Customer Data Privacy Article
- FTC — Data Clean Rooms: Separating Fact from Fiction, November 2024: https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2024/11/data-clean-rooms-separating-fact-fiction
Prepared by the AllAboutLawyer.com Editorial Team and reviewed for factual accuracy against the court complaint filed in Moon v. Best Buy Co., Inc., No. 0:26-cv-02381-JMB-DJF, and the FTC’s November 2024 data clean room guidance on May 30, 2026. Last Updated: May 30, 2026.
This article is for informational purposes only and does not constitute legal advice. Laws vary by state and individual circumstances differ. For advice about your specific situation, consult a qualified attorney.
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah