Retail giant Wal-Mart has been sued for allegedly violating the California Consumer Privacy Act (CCPA).

The company is accused of causing "material injury and damage" to customers as a result of an unknown data breach.

The lawsuit, filed on July 10 in the U.S. District Court for the Northern District of California, alleges that hackers were able to break into Walmart's official website and harvest customer data, as reported by Infosecurity and Bloomberg Law.

The lawsuit does not specify when the breach allegedly took place, nor does it specify the total amount of damages.

The lawsuit alleges that hackers stole personal information, including customer names, home addresses, and financial information, to sell to other cybercriminals on the dark web.

The lawsuit states: "As a result of defendants' wrongful acts and omissions, customer information was stolen. Many of Wal-Mart's customers had their PII (personally identifiable information) compromised, had their privacy rights violated, were exposed to the risk of fraud and identity theft, and suffered other damages.

"Moreover, despite the fact that accounts were sold on the dark web and that Walmart's website had multiple serious vulnerabilities from which data was obtained, Walmart never notified its customers that their data had been stolen.

The lawsuit does not specify the exact number of customers whose data was compromised in the alleged hack, but the lawsuit states that it was "at least several thousand."

Under the California Consumer Privacy Act (CCPA), Wal-Mart could be made to pay $750 to every customer affected by the breach.

According to a Bloomberg report, Wal-Mart denies that the information breach occurred and plans to refute the claims in court. A spokesperson told Bloomberg: "Protecting customer data is a top priority and we take it very seriously.

"We dispute the plaintiffs' claim that a failure in our systems played any role in the release of personally identifiable information."

Wal-Mart joins many other high-profile companies facing lawsuits as a result of California's new privacy law, including Salesforce and Clearview.

Jake Moore, a security specialist at ESET, told Tom's Guide: "Companies of this size and scale need to understand the risks to their customers. We don't want to see anyone go out of business, but it helps other firms minimize risk, learn from their mistakes, and secure their future.

"Once stolen, personal information cannot be fully recovered. Furthermore, most of it, such as your name and date of birth, cannot be changed as easily as a compromised password or bank card number. This may sound trivial, but fraudsters can do a lot of damage with lists of customer data.