Spirit Airlines Wiretaps Visitors to Its Website, Alleges Class Action

to embed snippets of JavaScript computer code, called “session replay code,” in the visitor’s internet browser, alleged the complaint Tuesday (docket 3:23-cv-00233) in U.S. District Court for Southern California. The code then intercepts and records the visitor’s activity, right down to their mouse movements, clicks, keystrokes and URLs of web pages they visit, it said. The vendors use the captured website communications to create a video replay of the user’s behavior on the website and provide it to Spirit for analysis, said the complaint. Secretly deploying the session replay code results in the electronic equivalent of “looking over the shoulder” of each visitor to the Spirit website “for the entire duration of their website interaction,” it said. Session replay code works by inserting computer code into the various “event handling routines that web browsers use to receive input from users,” said the complaint. When a website delivers the code to a user’s browser, that browser will follow the code’s instructions by sending responses in the form of event data to a designated third-party server, it said. The server receiving the event data typically is controlled by the third-party vendor that wrote the code, rather than the owner of the website where the code is installed, it said. Spirit’s procurement and use of FullStory’s session replay code is a wiretap in violation of California statutory and common law, alleged the complaint. Plaintiff Kayla Mandeng visited spirit.com on her computer and smartphone to book flights, only to fall victim to Spirit’s unlawful monitoring and recording of her website activity, it said. Mandeng seeks statutory, compensatory and punitive damages and restitution of profits “unlawfully obtained,” plus injunctive relief enjoining Spirit from the illegal practices described in her complaint. Spirit and FullStory didn’t respond Wednesday to requests for comment.