lime crime security breacj
photo: Lime Crime

In 2015, Lime Crime set itself in stone as the most controversial beauty brand of all time when it failed to announce that hackers had installed malicious software on the brand's server, which was then used to steal customers' credit card information.

After the breach, Lime Crime opted to post on Instagram and Facebook rather than immediately warning its customers directly. Those who made purchases on Lime Crime's site allegedly lost up to thousands of dollars each after their information was stolen, and many claim they were never reimbursed. 

Now, a few key customers are demanding everyone get their money back — and it's working.

Lime Crime just settled a lawsuit with nine customers whose information was stolen in the brand's 2015 server hack.

The class-action lawsuit, filed January 2016, demanded "redress" for Lime Crime's failure to secure its customers' private information — and its failure to alert customers of information theft.

The nine plaintiffs who sued the brand all made at least one purchase on Lime Crime's website between October 2014 and February 2015 — each of them experienced fraudulent credit card charges ranging from $55 to $882.54.

You can read the legal filing in its entirety here.

Now, as a part of the settlement, Lime Crime must repay "eligible claimants" who lost money in that hack.

Lime Crime will be required to start what's called a "settlement fund" of $110,000 solely for the purpose of reimbursing those who file for benefits and successfully prove fraudulent credit card charges caused by the security breach.

You can read all the details of the settlement here.

If you can prove your information was stolen from Lime Crime's server in 2015, you can file for reimbursement right now. Here's how you do that:

Simply print this claim form provided by the court, fill it out, and mail it to the address listed before April 9, 2018. For doing this, you will be asked to provide documentation of credit card fraud in the correct time period, and you will be legally barred from suing Lime Crime for the same security breach.

Claimants also have several other legal options.

They're detailed by this court notice here.

As part of the settlement, Lime Crime is also now legally required to beef up its server security.

Among other actions detailed in the settlement stipulation, Lime Crime must hire a chief information security officer, conduct product and risk data assessments, and continue to provide customers with privacy policy updates.

Controversy aside, at the very least, this lawsuit is making the internet just a little bit safer for makeup lovers.

A liquid lipstick shouldn't cost you your privacy — and now, it won't.