Data Breach Lawsuit Legal News and Information

A data breach occurs when sensitive information collected (and sometimes stored) by a company is made vulnerable by someone illegally accessing that information. Information breaches can occur in a number of ways, but generally involve computer hackers or computer theft, followed by unlawful access to customer or client information. This sometimes results in personal information being sold illicitly. Consumers whose information has been illegally accessed can file data breach lawsuits. Data breaches are reportedly on the rise and with them more identity theft lawsuits and data breach lawsuits are expected.

Data breaches can happen at large and small organizations, at retail stores, universities, online shopping sites or anywhere an organization collects and/or stores its customers' or clients' information. For example, data breaches can occur when the servers storing university student information are hacked, when point-of-sale devices are tampered with to record password and financial information and when computers containing sensitive information are stolen.

In each of these cases, personal information is vulnerable to use for illegal gains. Thieves might sell that information to others who use it in identity theft or to steal money from accounts, for example. Unfortunately, in many cases the organization whose information has been compromised does not become aware of the issue until its customers' information has been used.

Information that can be made available depending on the data breach includes names, addresses, contact information, bank account information, social security numbers, usernames, passwords and email addresses.


Not all data breaches result in money or identities being stolen. In some data breaches the personal information is made vulnerable but not used (such as when a server is accessed illegally for reasons other than to steal the personal information contained on it). That said, in all data breach cases, personal information is vulnerable and there is the possibility that it has been used or could be used in the future if that personal information was copied.

Among companies and organizations that were reportedly victims of data breaches: Adobe, Target, Neiman Marcus, Living Social, Sony PSN and TJX (owner of TJ Maxx and Marshalls).

Target faces a class action lawsuit after a breach of its customer information was announced. The class action lawsuit claims that Target was negligent in its failure to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach. Subsequent Target stolen PIN data lawsuits allege negligence by Target and that the company knew, or should have known, about the security vulnerabilities when dealing with sensitive personal information. Another lawsuit claims Target broke Minnesota law by not alerting customers quickly enough after learning of the security issue, and in California, a Target customer alleges both negligence and invasion of privacy.

More than $5 million in damages is being sought in three class action lawsuits, two of which were filed in California and one in Oregon. The Target breach is the second-largest in U.S. history, surpassed by a case involving retailer TJX (TJ Maxx stores) in 2005. Target is headquartered in Minneapolis and has almost 1,800 stores in the US and 124 in Canada.

Neiman Marcus Data Breach
According to reports, Neiman Marcus was also breached by hackers who reportedly stole personal information from more than 1.1 million debit and credit cards over a period of several months. It is believed that the same malware that was used on terminals in Neiman Marcus stores was also used to infiltrate Target's systems, although it is not clear if the same criminals are involved in both attacks. The information was reportedly stolen between July 16 and October 30, 2013.

At least one lawsuit has reportedly been filed against Neiman Marcus related to the data breach. The lawsuit, filed by Melissa Frank, alleges fraudulent charges were made on her debit card after her card information was stolen. The lawsuit alleges Neiman Marcus knew about the stolen information but waited weeks to inform consumers.

Frank's lawsuit seeks class action status.

Michael's Possible Data Breach
Michael's stores announced that it had possibly been breached by cyberhackers, although the company said it has not yet confirmed that its systems were hacked. A spokesperson for Michael's craft stores said the company decided to make the announcement quickly so customers could protect themselves. So far, the company has not said how many customers could have been affected by the possible breach, nor has it said when the breach is believed to have happened. The Secret Service is reportedly investigating the matter.

Adobe Data Breach Lawsuit
Computer software maker Adobe Systems announced in October 2013 that their corporate data base was hacked and data from more than 38 million customer accounts were stolen. A class action lawsuit alleges that Adobe failed to use reasonable security practices that resulted in the data breach. As of November 2013, the company said it is still determining how much invalid account information was breached and it is in the process of notifying affected users.

Snapchat Data Breach – Potential Lawsuit
A Snapchat data breach at the beginning of January 2014 exposed the usernames and partial phone numbers of 4.6 million subscribers. Snapchat, a photo and video-sharing chat app, was already in trouble with the Federal Trade Commission: last year EPIC (Electronic Privacy Information Center) filed a complaint regarding the company' deceptive claim that photos would "disappear forever" after a set period of time. This recent breach was apparently exploited by hackers due to a flaw that had already been brought to the company' attention by security researchers. The leaked information is mostly concentrated to California and New York Snapchat account holders, with the two states accounting for some 2.3 million accounts. Other regions impacted include Illinois, Colorado, and Florida, according to security vendor AdaptiveMobile.

Snapchat users are advised to change their passwords and usernames on other accounts and they may want to join a lawsuit: several claims accuse the company of negligence in its security practices in allowing personal information to be leaked.

Due to the increasing number of medical data breaches, the US and the EU have imposed mandatory medical data breach notifications in part to quell the lack of public trust. Laws now require safeguards to be enacted to protect the security and confidentiality of shared electronic medical information and to give patients rights to monitor their medical records and receive notification for medical record access breaches.

Health Net in 2011 notified nearly two million patients that a data breach had compromised their private information, potentially exposing patients' names, addresses, medical information, Social Security numbers, and other financial information. A class action lawsuit claims that Health Net and its server driver company, IBM, violated patients' privacy rights and other consumer protection laws.

The latest medical data breach class action was filed In California against Kaiser Permanente after a flash drive containing medical records of almost 49,000 Kaiser Permanente patients was lost, which violated the Confidentiality of Medical Information Act. The flash drive was reported missing from Kaiser' nuclear medicine department on Sept. 25, 2013, according to the The Los Angeles Times.

The lawsuit filed by plaintiff Ginger Buck Ginger Buck, et al. v. Kaiser Permanente International, Case No. BC531253, in the Superior Court of the State of California for the County of Los Angeles, Central District, claims that her private, confidential and sensitive medical information was compromised and Kaiser violated its legal duty to protect the confidential data stored on the flash drive.

California law requires that medical providers maintain their patients' medical information confidential and prohibits the disclosure of such information without the patient' written authorization. Under this law affected patients are entitled to statutory damages of $1,000.

One example of Identity Theft occurred in September 2013 when JPMorgan Chase & Co was accused of printing Social Security numbers on the outsides of form letters mailed to customers to tell them about the bank's efforts to protect their private information. A lawsuit ensued, arguing that "Disclosure of Social Security numbers can be especially harmful since they cannot easily be replaced, like a credit or debit card". The lawsuit, Alexander Furman et al v JP Morgan Chase & Co et al, No. 13-cv-06749, U.S. District Court, Northern District of Illinois,, alleged that Chase violated Ilinois' consumer fraud act, which prohibits the printing of Social Security numbers on mailings. Several states have passed certain laws to help combat identity theft.

Experts predict an increase in class action identity theft lawsuits based on the following facts:

• Identity theft is on the rise
• Security breaches are often repetitive in nature and caused by reckless practices of companies, their employees and/or third party service providers
• The impact of the crime in terms of the number of victims and financial losses often affects millions of people
• Consumers are demanding that action be taken
• State and Federal governments and regulators are paying attention
• Many states are enacting laws (e.g, California and medical providers, above) to protect consumers
• A number of privacy and identity theft laws such as HIPAA, GLBA and Red Flags are issued and enforced by various agencies

TD Ameritrade Inc. in May 2007 was hit with a class action lawsuit alleging it improperly allowed third parties to access customers' e-mail addresses, resulting in their receiving spam. The company was accused of violating the Controlling the Assault of Non-Solicited Pornography and Marketing Act and state-law causes of action. Their lawsuit was consolidated with a class action suit alleging violation of the Computer Fraud and Abuse Act and several state-law claims.

Ameritrade agreed to pay the class a minimum of $2.5 million and a maximum of $6.5 million, based on the number of claims submitted. Class members will receive $50 to $2,500 per claim, as follows: $50 for identity theft on an existing credit or debit card, $250 for identity theft on another account, and up to $1,000 (including the $250) for unreimbursed losses.

A data breach class action complaint filed in August 2007 against Certegy Check Services regarding the breach of consumers' confidential financial data resulted in a proposed settlement agreement with plaintiffs in a consolidated class action proceeding in federal court in Florida (the "Lockwood case").

In October 2013 a $3 million settlement was proposed in Resnick/Curry v. AvMed, Inc., No. 1:10-cv-24513-JLK (S.D. Fla.), a data breach lawsuit pending in the Southern District of Florida. Resnick involved the theft of two unencrypted laptops from AvMed that contained personal information of approximately 1.2 million customers/insureds ("the plaintiffs"). The plaintiffs filed a class action lawsuit claiming that AvMed failed to adequately secure the plaintiffs' personal information.

This is the second data breach lawsuit filed in the Southern District of Florida that has resulted in a substantial settlement for the plaintiffs. ( Burrows v. Purchasing Power settled for about $430,000). The Southern District of Florida Court has set the Final Approval Hearing for February 28, 2014.

Data Breach Legal Help

If you or a loved one has suffered similar damages or injuries, please click the link below and your complaint will be sent to a lawyer who may evaluate your claim at no cost or obligation.

Last updated on May-8-15