Hackers can do a lot with unique personal data like a Social Security number. The most common data stolen includes:

• Names
• Phone numbers
• Addresses
• Social security numbers
• Genetics & DNA
• Medical data
• Health insurance information
• Bank and credit card information
• Driver’s license numbers
• Health app data

Protecting your data and information is important. Even the most seemingly small or insignificant piece of data could be used to gain access to more of your personal accounts.

The criminals behind most data breach events are after money. Once they are able to obtain a large volume of personal information, they usually put it up for sale on various online forums, typically on the dark web.

The dark web is a hidden layer of the internet, inaccessible on normal search engines–specific software is required to access it. The dark web is popular with cybercriminals as it offers anonymity and is mostly untraceable.

Once data is obtained, criminals can use it to file fraudulent tax returns, pay for medical costs, file for unemployment, open credit card accounts, and apply for various loans.

According to Experian, some common prices for pieces of information sold on the dark web include the following:

• Social Security number – $1
• Online payment information – $20 – $200
• Credit or debit card – $5 – $110
• Drivers license number – $20
• Loyalty accounts – $20
• Diplomas – $100 – $400
• Passports – $1000 – $2000
• Subscription services – $1 – $10
• Medical records – $1 – $1000

While such information is associated with various selling prices, the real damage is in the way it is used when sold. One item of information could lead to very costly losses.

After your data is stolen once, you may always be at risk for future identity theft. But, you can protect yourself with identity theft coverage and subscribing to an ID Theft Recovery service. You can also contact a lawyer for advice on further steps you can take to cover yourself.

Even if you feel like your information is safe for now, once personal information is stolen and leaked to the dark web, the fraud risks remain as long as that information remains at large.

It’s important to stay alert and watch for signs of fraudulent activity. If you happen to see unusual activity on your accounts, be sure to take the appropriate actions to help protect yourself. If you want more information on what to do when a data breach impacts you, visit the FTC identity theft website.

After a data breach turns your life upside down, remember that you are not the only victim. There are millions of Americans who suffer from data privacy events every year. In turn, they may seek legal action for compensation and to hold companies accountable for negligent security systems.

If you want more information on current data breach litigation and how to file a data theft class action lawsuit, contact The Lyon Firm at (513) 381-2333 for a free and confidential case review.

The Lyon Firm is actively involved in numerous data privacy cases and has experience filing data security claims on behalf of plaintiffs nationwide.

Companies who collect and store data have a duty to protect personal information to the best of their ability. When they are negligent, and a data theft incident occurs, they may be liable for the following:

• Improperly monitoring data security systems for existing intrusions
• Not ensuring that vendors with access to computer systems and data employ reasonable security procedures
• Improperly training employees in handling emails containing personally identifiable information (PII) and personal health information (PHI)
• Failure to maintain adequate email security practices
• Failure to implement technical policies and procedures to allow electronic PHI access only to individuals or software programs granted access rights
• Failure to implement procedures to review records of information system activity regularly, such as audit logs, access reports, and security incident tracking reports
• Improperly protecting against reasonably anticipated threats or hazards to the security or integrity of electronic PHI

An experienced class action attorney can determine if you are eligible to file a data breach lawsuit or join a class of plaintiffs. A lawyer can assist in answering the following:

• Did the company fail to adopt security safeguards that would have prevented a security breach?
• Did the company notify customers as soon as it learned of the incident?
  Did the company provide a complete list of all
• individuals affected by the data breach?
• Did the company provide security in line with industry standards?

Failure to take any of these steps can result in legal action against a business entity.

The Federal Trade Commission has issued a Policy Statement instructing health app and connected device companies to comply with existing data breach notification rules. A “breach of security” under the new regulation includes the acquisition of identifiable health information without the authorization of the individual.

A “breach of security” does not only mean a cybersecurity mishap, or the result of “nefarious activity,” but also prohibits the sharing of protected data without the consent of the user.

Upon discovery of a data breach, a health entity is obligated to notify each affected United States citizen, as well as the FTC.

Privacy laws are meant to protect patients’ personal health data, and when institutions fail to protect personal data they may be sued for damages. In recent years much health data has been leaked and stolen, causing significant damages to plaintiffs who have taken legal action.

A Class Action is a lawsuit brought by an individual on behalf of all other similarly situated individuals. Rule 23 of the Federal and State Rules of Civil Procedure allows for Class Action lawsuits to resolve disputes in an efficient format.

Class Actions are typically filed when the amount of money in dispute for a single plaintiff would not justify litigating the case, but where the amount of damages of the entire class of Plaintiffs would justify the cost of litigation. Without class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty.

In order for a case to be certified as a Class Action, the Court must determine that the case is appropriate for class action treatment under Rule 23. There are different elements depending on whether the case is seeking monetary or injunctive relief. In general, the Court must find the following elements are satisfied:

• Numerosity: The proposed class must be so numerous that simply joining the individual plaintiffs would be impractical. Generally, the class size should exceed 100 individuals.
• Common Questions of Law or Fact: The facts and/or legal questions in the dispute must be common to all class members. This does not mean all facts or issues must be identical, but the primary facts and law that will determine the issue in dispute must be common among all class members.
• Typicality: The named Plaintiff in the case must have the same facts and legal issues as the class they are proposing to represent. If the Plaintiff’s individual case involves issues of fact or law unique to that Plaintiff and are irrelevant to the ultimate issue, class certification may be denied by the Court.
• Plaintiff/Counsel Adequately Represents the Class: The Court must find that the Plaintiff and Plaintiff’s Counsel are competent and will protect the class’ interests.
• Predominance: Common questions of fact must predominate over individual facts.
• Superiority: The Class Action is a more efficient and fair means of resolving the dispute. The Court will look at the following factors when making this determination: (1) Class Member interest in maintaining a separate action; (2) the extent of any litigation already begun by other class members; (3) desirability or undesirability of litigating the case in a particular Court ; and (4) difficulties in managing the class.

If you have any questions about class action requirements, an attorney can provide you with answers and insights.

Data Breach Class Action Settlements

Settlement amounts depend on various factors, such as how many consumers were affected.

The following cases provide a picture of how large many of these breaches can be, and the amount of payment involved to consumers:

• Capital One announced that 100 million credit card accounts were hacked and personal information was stolen. Attorneys are investigating whether bank account info, social security numbers and other sensitive information was taken.
• Yahoo has been a target in class action data breach lawsuits after tens of millions of user accounts were compromised due to ineffective site security. The company paid more than $117 million to settle the case.
• Equifax admitted that 43 million American accounts were hacked and leaked information such as names, birth dates, social security numbers and phone numbers. Some consumers also had their tax IDs exposed. Equifax paid a settlement of over $700 million.
• Home Depot paid $19.5 million to consumers in a data breach settlement. Home Depot agreed to pay $25 million to banks and credit card companies in the following year.
• Facebook announced in 2018 that a data breach leaked information from over 50 million users. Class action lawsuits are pending. The social media company also faces various privacy lawsuits and settled one recently involving facial recognition technology for over $500 million.

Companies big and small today face the reality that it is likely that their network will be breached. As a result, they must do all they can to prevent attacks. If they fail to protect private information, class action data breach lawsuits can be filed.

Healthcare Security Breach

The rise of healthcare hacks have left millions of patients vulnerable to stolen medical records and identity theft. The vast majority of hospitals and health insurance companies have reported medical record data breaches, and although it is unknown what can be done with medical data, patient’s financial data and personal information can easily be used in nefarious ways.

With the rise of electronic medical data storage in place of old paper files, there are more and more instances of healthcare related security breach incidents and subsequent class action lawsuits.

Hotel Data Breach

Hotels are prime targets in data theft attacks because they compile so much personal information, including names, email addresses, phone numbers, passport numbers, photo IDs, and credit card information. Hotel data breach incidents can be devastating to affected victims.

Marriott was a good example of a hotel chain that failed to meet consumer security expectations when the company was hacked and customer information for 300 guests was stolen.

Travel Site Data Breach

A data breach targeting Expedia.com and other affiliated vacation-booking websites exposed tens of millions of personal records. As a result, a data breach class action lawsuit was filed against Expedia and the Amazon technology that the company relies on to keep their data protected.

Plaintiffs say the companies involved in the breach failed to adequately protect customers’ information, then left it to the media to eventually inform affected consumers. The data breach was first reported in November 2020, involving Expedia and Hotel.com services and Amazon Web Services technology. An investigation found a “misconfigured” cloud-based server, compromising sensitive personal information.

Experts estimate at least 10 million records dating back to 2013 could have been exposed, including credit card numbers, home addresses, passport numbers, and driver licenses.

Restaurant Data Breach

Restaurants have been hacked in recent years, and most have admitted they were not prepared and do not have the ability to ward off such data theft attacks.

Arby’s, Checkers, and many others have been the subject of attacks and subsequent class action data privacy lawsuits. Consumers and restaurant customers have a right to use their credit card and assume their personal information is protected by a company.

To add to other privacy concerns for American consumers, automobile manufacturers are allegedly collecting personal data at a rapid pace. Unfortunately, there have already been security breaches involving automakers. General Motors (GM) announced in May 2022 that it was hit by a credential stuffing attack that exposed customer information and allowed hackers to redeem rewards points and gift cards.

GM said that they detected the malicious login activity and began a data theft investigation. GM posted a data breach notification and sent notices to affected customers.

A credential stuffing attack is possible when credentials are obtained from a previous data breach. Such data was likely not obtained from GM but a third party.
The stolen personal data of affected GM customers includes full names, email addresses, home addresses, usernames and phone numbers, last known and saved favorite location information, avatars and photos, profile pictures, search and destination information, and Wi-Fi hotspot settings.

Recent reports note that some modern cars collect a vast amount of personal data, and may track where we live, who we text, and what restaurants we visit. Collected data isn’t delivered to car owners, but rather to the automakers, or third parties willing to pay for the data. The data generated by cars may be worth billions of dollars each year.