Stranch Jennings and Garvey law firm logo
Phone

615.254.8801

Email

info@stranchlaw.com

}
Monday - Friday

8:00am – 5:00pm

Call Us for a Consultation

Practice Area

Privacy Litigation

Practice Area

Privacy Litigation

A hacker working on a laptop computer and reading coding.

Security breach notification laws require entities to notify their customers or citizens when they have experienced a data breach and to take certain steps to deal with the situation. This gives these individuals the opportunity to mitigate personal risks resulting from the breach and minimize potential harm, such as fraud or identity theft. Currently, all 50 states, along with the District of Columbia and three U.S. territories, have adopted notification laws requiring notification when a breach has occurred.

Data breaches are becoming increasingly common, affecting some of the biggest companies in the U.S. — and their customers. Small companies have been impacted as well. A record number of 1,862 data breaches occurred in the U.S. in 2021, according to an Identify Theft Resource Center (ITRC) report. The most commonly attacked sectors include healthcare, finance, business and retail, putting the personal information of millions of Americans at risk.

Stranch, Jennings & Garvey attorneys have successfully litigated numerous data breach cases and have achieved multi-million-dollar settlements for individuals whose personal data has been compromised.

Disclaimer: This content is for informational purposes only and does not constitute legal advice. For specific legal guidance, please consult with an attorney.

Contact Us for a Consultation

Privacy Litigation

Cases Served

  • In re: Anthem, Inc. Data Breach Litig., MDL 2617 LHK, (N.D. California 2016). The firm served as counsel for plaintiffs in a coordinated action consisting of nationwide cases of consumers harmed by the 2015 criminal hacking of servers of Anthem, Inc. containing more than 37.5 million records on approximately 79 million people receiving insurance and other coverage from Anthem’s health plans. The case settled in 2017 for $115 million, the largest healthcare data breach in U.S. history.
  • In re: MGM International Resorts Data Breach Litigation (D. Nevada). Two separate data breaches by cybercriminals against MGM Resorts International (MGM) in 2019 and 2023 resulted in the exposure of private information of tens of millions of MGM guests. Following both incidents, multiple lawsuits were filed. In July 2024, plaintiffs in the lawsuits agreed to participate in joint mediation — In re: MGM International Resorts Data Breach Litigation. In October 2024, the plaintiffs filed a notice of settlement, notifying the court that all parties were able to resolve the cases. On. Jan. 22, 2025, Nevada District Judge Gloria M. Navarro issued an order granting plaintiffs’ unopposed motion for preliminary approval of a $45 million class action settlement in the case. The final approval hearing is scheduled for June 18, 2025. J. Gerard Stranch, founding and managing member, served as a co-lead for the 2023 case leadership team.

  • Monegato v. Fertility Centers of Illinois, PLLC, Case No. 2022 CH 00810 (Cook County Circuit Court). The firm served as class counsel in a case brought on behalf of approximately 80,000 individuals whose personal information was involved in a February 2021 data breach. A settlement with a total estimated value of $14.5 million was negotiated. Final approval was granted by the Cook County, Illinois Circuit Court in April 2023.

  • In re: Evolve Bank & Trust Customer Data Security Breach Litigation, MDL 2:24-md-03127 (W.D. Tennessee) (J. Lipman). Serving as lead counsel for the class, SJ&G’s Founding and Managing Member J. Gerard Stranch secured an $11.8 million settlement for the plaintiffs. This multidistrict litigation followed a data breach by cybercriminals against Evolve Bank & Trust that resulted in the theft of personal banking data of bank customers as well as Evolve fintechs’ customers. Following the breach, multiple class action lawsuits were filed against the defendant and Evolve fintechs. The cases were consolidated in October 2024.
  • In re: CorrectCare Data Breach Litigation, 5:22-319-DCR (E.D. Kentucky). J. Gerard Stranch, founding and managing member, served as class counsel in this class action lawsuit that resulted in a $6.49 million settlement, providing affected individuals up to $10,000 in reimbursement for documented losses related to the breach. The suit was the result of a 2022 data breach that exposed sensitive health data of more than 391,000 individuals.

  • In re: Owens, et al. v. U.S. Radiology Specialists, et al., Case No. 22 CVS 17797 (Mecklenburg, North Carolina Supreme Court). The firm served as plaintiffs’ counsel in action brought on behalf of approximately 1.3 million individuals whose sensitive, personal information was potentially compromised in defendants’ December 2021 data security incident. Along with co-counsel, the firm negotiated a $5.05 million non-reversionary common fund settlement including pro rata cash payments, reimbursement of up to $5,000 for out-of-pocket expenses traceable to the data breach per person, compensation for lost time and verified fraud reimbursement.

  • Weigand, et al. v. Group 1001 Insurance Holdings LLC, et al., 1:23-cv-01452 (S.D. Indiana). The firm helped achieve a $4.76 million settlement resulting from a February 2023 data breach allegedly caused by Group 1001 failing to provide reasonable cybersecurity practices.
  • McKenzie et al. v. Allconnect, Inc., 5:18-cv-00359 (E.D. Kentucky) (J. Hood). The firm served as class counsel in an action brought on behalf of more than 1,800 current and former employees of Allconnect, Inc., whose sensitive information contained in W-2 statements was disclosed to an unauthorized third party who sought the information through an email phishing scheme. The firm negotiated a settlement providing for direct cash payments to all class members, credit monitoring and identity theft protection plan at no cost, capped reimbursement of documented economic losses incurred per class member and other remedial measures. The approximately $2.2 million settlement value is one of the largest per capita recoveries in a W-2 phishing litigation.
  • Winsouth Credit Union v. Mapco Express Inc., and Phillips v. Mapco Express, Inc. Case Nos. 3:14-cv-1573 and 1710 (M.D. Tennessee) (J. Crenshaw). The firm served as liaison counsel in consumer and financial institution action stemming from the 2013 hacking of computer systems maintained by Mapco Express, Inc. The cases settled in 2017 for approximately $2 million.
  • Joyner v. Behavioral Health Network, Inc., No. 2017CV00629 (Massachusetts Supreme Court). A non-reversionary common fund of $1,200,000 was established to provide credit monitoring, and cover claims of economic loss up to $10,000 and non-economic loss up to $1,000 for lost time for each of the approximately 133,237 class members.
  • Larson v. Aditi Consulting, LLC, Case No. 22-2-03572-2 SEA (King County, Washington Supreme Court). Final approval was granted July 14, 2023.
  • Carr v. South Country Health Alliance, Case No. 74-CV-21-632 (Steele County, Minnesota District Court). Final approval was granted Nov. 6, 2023.
  • Reese v. Teen Challenge Training Center, Inc., Case No. 210400093 (Philadelphia County, Pennsylvania Court of Common Pleas) Final approval pending.

Attorneys in this practice area

Privacy Litigation

Colleen Garvey

Colleen Garvey

Andrew E. Mize

Andrew E. Mize

Emily E. Schiller

Emily E. Schiller

Miles M. Schiller

Miles M. Schiller

J. Gerard Stranch IV

J. Gerard Stranch IV

Grayson Wells

Grayson Wells