Technology, Privacy & Data Breach

Berger Montague’s Technology, Privacy & Data Breach practice group litigates on behalf of consumers nationwide to protect their privacy rights and seek redress when privacy violations occur.

In the modern economy where sensitive financial, medical and other personal information is routinely stored electronically in large data sets, protecting personal information is increasingly important.  All too frequently, companies fail to protect consumers’ personal information, leading to large privacy breaches with devastating consequences to consumers.

Berger Montague is committed to ensuring that the fundamental right to privacy is respected as technology evolves and society changes.  Our attorneys possess extensive experience and the requisite background to successfully litigate a comprehensive range of privacy claims.  We represent individuals in cases impacting tens of thousands to hundreds of millions of Americans against both prominent and lesser-known companies for violations of privacy rights and the failure to protect sensitive personal data.

Frequently Asked Questions

What are Data Breach Class Actions?

These are cases filed on behalf of individuals whose personal information was stolen or misappropriated in data breaches.

Common breaches involve the theft of Social Security numbers, banking information, medical data, credit card numbers or other sensitive information that can be used to commit identity theft.

Data breaches are most often committed by computer hackers, but they may also be committed by a company’s own rogue or negligent employees.

What Types of Identity Theft Risks Exist?

Identity thieves use stolen personal information to commit a variety of frauds including taking out loans in another person’s name, opening financial accounts in another person’s name, filing a fraudulent tax return using the victim’s information, obtaining medical services using the victim’s information, using the victim’s identity to obtain government benefits, obtaining a driver’s license or identification card in the victim’s name but with another person’s picture or giving false information to police during an arrest.

What Types of Relief are Obtained in Data Privacy Class Actions?

Data privacy class actions seek various types of relief, including:

  • Reimbursement of identity theft losses;
  • Reimbursement of out-of-pocket costs that victims paid for protective measures such as credit monitoring services, credit reports, credit freezes, etc.;
  • Recovery of overpayment of the purchase price for the company’s products or services, where a portion of the purchase price was intended to fund adequate data security;
  • Compensation for time spent responding to the breach;
  • Imposition of credit monitoring services and identity theft insurance, paid for by the company; and
  • Improvements to the company’s data security systems.

How Can I Find Out if I am Affected By a Data Breach?

By law, companies that experience a data breach generally must notify affected individuals of the breach.  Notice is typically sent by mail or e-mail.

If you receive notice that your personal information was compromised and are interested in pursuing class action litigation, please contact us to evaluate your case and discuss your legal rights.

What are Some Examples of Berger Montague’s Data Privacy Cases?

Berger Montague has been involved in many large data privacy class actions, including:

  1. Beckett v. Aetna, Inc., No. 17-cv-03864 (E.D. Pa.). This case involved public disclosure of HIV information.  Aetna mailed letters to 12,000 insureds with the insureds’ HIV medication information visible through a large transparent window on the envelope.  The HIV information was accessible to third parties such as family members, roommates, neighbors and mail carriers.  The case settled in 2018 shortly after it was filed, resulting in a non-reversionary $17 million fund.  Each class member will receive an automatic payment of $500 without being required to fill out a claim form, and class members will also be allowed to submit claims for up to $20,000 for financial or non-financial harm resulting from the disclosure.  B&M serves as Co-Lead Counsel.
  2. In re: Equifax Inc. Customer Data Security Breach Litig., MDL 2800, No. 17-md-2800 (N.D. Ga.). Hackers stole 147 million Social Security numbers and related personal information from a credit reporting agency.  The case settled in 2019 (pending final approval) for a non-reversionary common fund totaling $380 million, with a potential additional contribution of $125 million depending on claims rates.  Settlement benefits include ten years of free credit monitoring and identity theft insurance; reimbursement of out-of-pocket costs and lost time; and substantial improvements to Equifax’s data security systems (paid for by Equifax separate from the common fund, totaling $1 billion over five years).  This is the largest data breach settlement in U.S. history.  B&M assisted lead counsel.
  3. In re Experian Data Breach Litig., No. 15-cv-01592 (C.D. Cal.). Hackers stole 15 million Social Security numbers and related personal information from a big-3 credit reporting agency.  Many plaintiffs experienced misuse of their personal information after the breach.  The litigation is currently pending.  B&M serves on the Executive Committee.
  4. In re: Anthem, Inc. Data Breach Litig., MDL 2617, No. 15-MD-02617 (N.D. Cal.). Hackers stole 80 million insureds’ personal information including Social Security numbers and other sensitive information.  Many plaintiffs experienced misuse of their personal information after the breach.  The case settled in 2018 for benefits valued at $115 million, representing the largest data breach settlement in history.  Settlement benefits included reimbursement of identity theft losses and other out-of-pocket costs; credit monitoring services and identity theft insurance for two years, paid for by Anthem and substantial improvements to Anthem’s data security systems.  B&M assisted lead counsel throughout the litigation.
  5. In re: Medical Informatics Engineering, Inc. Customer Data Security Breach Litig., MDL 2667, No. 15-md-02667 (N.D. Ind.). Hackers stole medical and personal information for four million individuals from a medical records company.  The litigation is currently pending.  B&M assists lead counsel.
  6. In re: Heartland Payment Systems, Inc. Customer Data Security Breach Litig., MDL 2046, No. 09-MD-2046 (S.D. Tex.). Hackers stole more than 100 million credit and debit card numbers from a large credit card processor.  The case settled in 2011 for a cash fund to reimburse out-of-pocket costs, and injunctive relief.  B&M served on the Steering Committee.
  7. In re Countrywide Fin’l. Corp. Customer Data Security Breach Litig., MDL 1998, No. 08-MD-01998-TBR (W.D. Ky.). A Countrywide employee was arrested for stealing and selling Countrywide customers’ Social Security numbers, bank account information and other sensitive data.  The case settled in 2010 for benefits including two years of credit monitoring offered to 1.9 million individuals; a $6.5 million cash fund to reimburse out-of-pocket losses for 17 million individuals and injunctive relief involving improvements to Countrywide’s data security systems.  B&M served on the Executive Committee.
  8. In re Hannaford Bros. Co. Customer Data Sec. Breach Litig., MDL 1954, No. 08-md-01954 (D. Me.). Hackers stole 4 million credit and debit card numbers from a large grocery store chain.  The litigation led to groundbreaking appellate law recognizing the availability of damages for out-of-pocket credit monitoring costs and replacement credit card fees.  Anderson v. Hannaford Bros. Co., 659 F.3d 151, 167 (1st Cir. 2011).  The appellate ruling serves as often-cited precedent in data breach litigation.  B&M assisted lead counsel throughout the litigation and on appeal.
  9. In re TJX Cos. Retail Security Breach Litig., MDL No. 1838, No. 07-cv-10162-WGY (D. Mass.). Hackers stole 45 million credit and debit card numbers and 455,000 driver’s license numbers, which in many instances matched Social Security numbers.  The breach was the then-largest theft of consumer data in U.S. history.  Berger Montague obtained a settlement in 2008 valued at over $200 million, including: (i) two years of credit monitoring and identity theft insurance offered to 455,000 individuals whose driver’s license numbers were exposed; (ii) a $17 million fund offered to 45 million individuals to reimburse out-of-pocket costs and lost time to mitigate or correct actual or potential identity theft and (iii) injunctive relief regarding improvements to TJX’s data security systems.  These elements became the template for most subsequent data breach settlements.  In approving the settlement, former Chief Judge William Young praised the result as an “excellent settlement” containing “innovative” and “groundbreaking” elements.  B&M served as Co-Lead Counsel.

What Qualities Set Berger Montague Apart From Other Class Action Firms?

Berger Montague is the rare class action firm that has tried and won multiple class action jury trials.  We have the expertise to bring our cases to trial if meaningful settlements cannot be reached earlier in the litigation.

We are one of the largest class action law firms in the U.S.  With more than 60 attorneys, we have plentiful resources to staff large and complex cases as well as smaller but equally important matters.  Having a deep bench of attorneys is critical to effectively litigating our class actions, which generally take several years to resolve.

We have a 45-plus year history, much longer than the vast majority of our competitors.  With our thorough understanding of class actions, we litigate our cases from a position of strength, using time-tested approaches and insights.  Throughout our decades-long history, we have cultivated strong relationships with other class action firms, with whom we partner in many of our cases.

Judicial Praise Regarding Berger Montague’s Data Privacy Cases

 Chief Judge William Young praised the result in our groundbreaking TJX case as an “excellent settlement” containing “innovative” and “groundbreaking” elements. See In re: TJX Cos. Retail Security Breach Litig., 584 F. Supp. 2d 395, 399 n.6 (D. Mass. 2008) (order approving attorneys’ fees); In re: TJX Cos. Retail Security Breach Litig, No. 07-cv-10162-WGY, Dkt. #297 at 6:12 (D. Mass. Sept. 27, 2007) (transcript of preliminary settlement approval hearing).  Details of the TJX case are summarized above.

No Fees Without Recovery

Our data privacy class actions are brought on a contingent fee basis.  That means plaintiffs and the class do not pay out-of-pocket attorneys’ fees or litigation costs.  Attorneys’ fees and costs are paid from the recovery obtained for the class, subject to court approval.

Contact Us to Inquire About a Data Privacy Class Action

We invite you to contact us about a potential case.  Please fill out the contact form to the right. You may also contact our data breach attorneys directly.  The department chair, Sherrie Savett, can be reached at or (215) 875-3071.  Shareholder Jon Lambiras can be reached at or (215) 875-3036.