Without data breach class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty.
Holding companies accountable for poor cybersecurity and data theft incidents helps ensure that consumers are better protected in the future.
Yes, in most cases. Each case is different, but some recent lawsuits have proven to be quite valuable. In one data breach suit, plaintiffs obtained a $17.5 million settlement against The Home Depot due to a data breach. The settlement resolves a multistate data breach which exposed the payment card information of approximately 40 million Home Depot consumers.
The Home Depot data breach made vulnerable the company’s self-checkout point-of-sale system. In addition to the $17.5 million settlement, The Home Depot has agreed to improve network security and maintain data security practices in order to strengthen its data security program and protect the personal information of consumers.
Under current privacy law the firm or organization that is storing user data are responsible for data breaches and will pay any fines or damages that are the result of legal action. The actual data holder—an organization that provides cloud storage—is not usually legally implicated or held responsible in litigation.
The majority of data breach incidents are due to hackers manipulating outdated or negligent network security systems. Outside threats pose personal data risks for consumers, though there is also a risk with poor internal security and cloud-based data networks. Some common ways data can be compromised include:
The Federal Trade Commission has issued a Policy Statement instructing health app and connected device companies to comply with existing data breach notification rules. A “breach of security” under the new regulation includes the acquisition of identifiable health information without the authorization of the individual.
A “breach of security” does not only mean a cybersecurity mishap, or the result of “nefarious activity,” but also prohibits the sharing of protected data without the consent of the user.
Upon discovery of a data breach, a health entity is obligated to notify each affected United States citizen, as well as the FTC.
Privacy laws are meant to protect patients’ personal health data, and when institutions fail to protect personal data they may be sued for damages. In recent years much health data has been leaked and stolen, causing significant damages to plaintiffs who have have taken legal action.
In a recent case the American Medical Collection Agency (AMCA) settled with nearly 21 million people in 40 states and Washington D.C. concerning a data breach that may have exposed their personal information. The breach, which occurred in 2018, lasted nearly a year until official notice of the intrusion.
An unauthorized user gained access to the AMCA internal data system and collected the personal information, including Social Security numbers, financial information, and personal health information, such as medical tests and diagnostic codes.
A Class Action is a lawsuit brought by an individual on behalf of all other similarly situated individuals. Rule 23 of the Federal and State Rules of Civil Procedure allows for Class Action lawsuits to resolve disputes in an efficient format.
Class Actions are typically filed when the amount of money in dispute for a single plaintiff would not justify litigating the case, but where the amount of damages of the entire class of Plaintiffs would justify the cost of litigation. Without class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty.
In order for a case to be certified as a Class Action, the Court must determine that the case is appropriate for class action treatment under Rule 23. There are different elements depending on whether the case is seeking monetary or injunctive relief. In general, the Court must find the following elements are satisfied:
Companies big and small today face the reality that it is likely that their network will be breached. As a result, they must do all they can to prevent attacks. If they fail to protect private information, class action data breach lawsuits can be filed.
In June 2017, America’s largest insurance company, Anthem, agreed to a $115 million settlement after a security breach compromised the private data of 80 million customers. Healthcare organizations are reporting a steep rise in data breaches, and the situation could worsen.
The rise of healthcare hacks have left millions of patients vulnerable to stolen medical records and identity theft. The vast majority of hospitals and health insurance companies have reported medical record data breaches, and although it is unknown what can be done with medical data, patient’s financial data and personal information can easily be used in nefarious ways.
With the rise of electronic medical data storage in place of old paper files, there are more and more instances of healthcare related security breach incidents and subsequent class action lawsuits.
America’s largest insurance company, Anthem, agreed to a $115 million settlement after a data breach compromised 80 million customers.
Ohio’s attorney general approved a $39.5 million settlement with health insurance provider Anthem Inc., involving a data breach that compromised personal information for millions of Americans. Ohio will get a little less than $2 million in the settlement.
In 2014, hackers gained access to Anthem’s data trove that leaked personal information, including names, Social Security numbers and addresses for more than 5 million Ohioans.
Hotels are prime targets in data theft attacks because they compile so much personal information, including names, email addresses, phone numbers, passport numbers, photo IDs, and credit card information. Hotel data breach incidents can be devastating to affected victims.
Marriott was a good example of a hotel chain that failed to meet consumer security expectations when the company was hacked and customer information for 300 guests was stolen.
A data breach targeting Expedia.com and other affiliated vacation-booking websites exposed tens of millions of personal records. As a result, a data breach class action lawsuit was filed against Expedia and the Amazon technology that the company relies on to keep their data protected.
Plaintiffs say the companies involved in the breach failed to adequately protect customers’ information, then left it to the media to eventually inform affected consumers. The data breach was first reported in November 2020, involving Expedia and Hotel.com services and Amazon Web Services technology. An investigation found a “misconfigured” cloud-based server, compromising sensitive personal information.
Experts estimate at least 10 million records dating back to 2013 could have been exposed, including credit card numbers, home addresses, passport numbers, and driver licenses.
Restaurants have been hacked in recent years, and most have admitted they were not prepared and do not have the ability to ward off such data theft attacks.
Arby’s, Checkers and many others have been the subject or attacks and subsequent class action data privacy lawsuits. Consumers and restaurant customers have a right to use their credit card and assume their personal information is protected by a company.
Other large data breach settlements include:
Threat actors are almost certain to continue to evolve in the their methods of attack. Hackers abuse and weaponize legitimate tools in ransomware campaigns and data theft incidents. Companies and government entities must work to boost threat detection resources to protect themselves and American consumers. Paying ransoms is not a viable long-term strategy to deal with hackers. Some of the following may help to detect and mitigate future attacks:
To add to other privacy concerns for American consumers, automobile manufacturers are allegedly collecting personal data at a rapid pace. Unfortunately, there have already been security breaches involving automakers. General Motors (GM) announced in May 2022 that it was hit by a credential stuffing attack that exposed customer information and allowed hackers to redeem rewards points and gift cards.
GM said that they detected the malicious login activity and began a data theft investigation. GM posted a data breach notification and sent notices to affected customers.
A credential stuffing attack is possible when credentials are obtained from a previous data breach. Such data was likely not obtained from GM but a third party.
The stolen personal data of affected GM customers includes full names, email addresses, home addresses, usernames and phone numbers, last known and saved favorite location information, avatars and photos, profile pictures, search and destination information, and Wi-Fi hotspot settings.
Recent reports note that some modern cars collect a vast amount of personal data, and may track where we live, who we text, and what restaurants we visit. Collected data isn’t delivered to car owners, but rather to the automakers, or third parties willing to pay for the data. The data generated by cars may be worth billions of dollars each year.
Following a data breach incident, victims should consider talking to a legal expert, and move quickly to take the following steps to help prevent identity theft and fraud:
We work with law firms across the country to provide the most resources possible and to build your case into a valuable settlement.
Invasion of privacy law has been established to protect consumers and citizens of the United States. When companies are negligent and fail to protect consumer information, which can be used in malicious ways, victims can contact a class action attorney to represent them in class action data breach lawsuits. A number of privacy breach and data breach claims have been settled by The Lyon Firm and other consumer protection lawyers around the country.
Consumers have rights in the USA, and when companies do not provide a service they have promised, or hold up their end of a bargain, legal action may be necessary. Consumer protection attorneys work on your behalf to hold companies responsible for providing a fair and safe service.
The Lyon Firm has worked with law firms nationwide in consumer class actions involving deceptive marketing, false advertising, food mislabeling and misleading marketing claims.
TCPA lawsuits have become one of the most common kinds of legal claims. The TCPA Act provides privacy protection for consumers by restricting how companies and organizations can contact you by telephone. Robocall harassment and unfair debt collection has been a serious issue that has required lawsuits in order to keep telemarketing companies at bay.
If you have experienced telephone harassment by a bank, real estate company, hotel, political campaign or anyone else, you may have TCPA claim. The Lyon Firm works diligently to seek compensation for those harassed at their home or work.
Class action wage and hour lawsuits are always ongoing, as some employers fail to treat employees properly, and attempt to cut workers out of earned wages. Wage theft lawsuits can be valuable for a class of plaintiffs who believes their employer has cheated them out of overtime pay and other earned wages.
There have been several wage theft lawsuits and settlements that have compensated employees for the wages they have earned, as well as damages for emotional distress and punitive damages when an employer is negligent in treating workers in accordance to Ohio labor law.