Security breach notification laws require entities to notify their customers or citizens when they have experienced a data breach and to take certain steps to deal with the situation. This gives these individuals the opportunity to mitigate personal risks resulting from the breach and minimize potential harm, such as fraud or identity theft. Currently, all 50 states, along with the District of Columbia and three U.S. territories, have adopted notification laws requiring notification when a breach has occurred.
Data breaches are becoming increasingly common, affecting some of the biggest companies in the U.S. — and their customers. Small companies have been impacted as well. A record number of 1,862 data breaches occurred in the U.S. in 2021, according to an Identify Theft Resource Center (ITRC) report. The most commonly attacked sectors include healthcare, finance, business and retail, putting the personal information of millions of Americans at risk.
Stranch, Jennings & Garvey attorneys have successfully litigated numerous data breach cases and have achieved multi-million-dollar settlements for individuals whose personal data has been compromised.
Disclaimer: This content is for informational purposes only and does not constitute legal advice. For specific legal guidance, please consult with an attorney.
- In re: Anthem, Inc. Data Breach Litig., MDL 2617 LHK, (N.D. Cal. 2016). The firm served as counsel for plaintiffs in a coordinated action consisting of nationwide cases of consumers harmed by the 2015 criminal hacking of servers of Anthem, Inc. containing more than 37.5 million records on approximately 79 million people receiving insurance and other coverage from Anthem’s health plans. The case settled in 2017 for $115 million, the largest healthcare data breach in U.S. history, and has received final approval.
- In re: McKenzie et al. v. Allconnect, Inc., 5:18-cv-00359 (E.D. Ky.) (J. Hood). The firm served as class counsel in an action brought on behalf of more than 1,800 current and former employees of Allconnect, Inc., whose sensitive information contained in W-2 statements was disclosed to an unauthorized third party who sought the information through an email phishing scheme. The firm negotiated a settlement providing for direct cash payments to all class members, credit monitoring and identity theft protection plan at no cost, capped reimbursement of documented economic losses incurred per class member and other remedial measures. The approximately $2.2 million settlement value is one of the largest per capita recoveries in a W-2 phishing litigation.
In re: Monegato v. Fertility Centers of Illinois, PLLC, Case No. 2022 CH 00810 (Cook County Circuit Court). The firm served as class counsel in a case brought on behalf of approximately 80,000 individuals whose personal information was involved in a February 2021 data breach. A settlement with a total estimated value of $14.5 million was negotiated. Final approval was granted by the Cook County, Illinois Circuit Court in April 2023.
- In re: Winsouth Credit Union v. Mapco Express Inc., and Phillips v. Mapco Express, Inc. Case Nos. 3:14-cv-1573 and 1710 (M.D. Tenn.) (J. Crenshaw). The firm served as liaison counsel in consumer and financial institution action stemming from the 2013 hacking of computer systems maintained by Mapco Express, Inc. The cases settled in 2017 for approximately $2 million.
In re: Owens, et al. v. U.S. Radiology Specialists, et al., Case No. 22 CVS 17797 (Mecklenburg, N.C. Supreme Court). The firm served as plaintiffs’ counsel in action brought on behalf of approximately 1.3 million individuals whose sensitive, personal information was potentially compromised in defendants’ December 2021 data security incident. Along with co-counsel, the firm negotiated a $5,050,000 non-reversionary common fund settlement including pro rata cash payments, reimbursement of up to $5,000 for out-of-pocket expenses traceable to the data breach per person, compensation for lost time and verified fraud reimbursement. Preliminary approval pending.
Many more nationwide, including:
- In re: Larson v. Aditi Consulting, LLC, Case No. 22-2-03572-2 SEA (King County, Washington Supreme Court) Final approval was granted July 14, 2023.
- In re: Carr v. South Country Health Alliance, Case No. 74-CV-21-632 (Steele County, Minnesota District Court) Final approval was granted Nov. 6, 2023.
- In re: Reese v. Teen Challenge Training Center, Inc., Case No. 210400093 (Philadelphia County, Pennsylvania Court of Common Pleas) Final approval pending.
- In re: Joyner v. Behavioral Health Network, Inc., No. 2017CV00629 (Massachusetts Supreme Court) A non-reversionary common fund of $1,200,000 was established to provide credit monitoring, and cover claims of economic loss up to $10,000 and non-economic loss up to $1,000 for lost time for each of the approximately 133,237 class members.