Technology, Privacy & Data Breach

Berger Montague’s Technology, Privacy & Data Breach practice group litigates cases on behalf of consumers nationwide to protect their privacy rights and seek redress.

In the modern economy where sensitive financial, medical, and other personal information is routinely stored electronically by corporations large and small, protecting personal information is vitally important. All too frequently companies fail to protect consumers’ personal information, leading to privacy breaches with devastating consequences.

Berger Montague is committed to ensuring that the fundamental right to privacy is respected. Our attorneys possess extensive battle-tested experience and knowledge of the law to successfully litigate a comprehensive range of privacy claims. We file cases large and small, ranging from those affecting hundreds of millions of consumers to those impacting tens of thousands. The firm files cases against prominent companies as well as lesser-known entities that fail to protect sensitive personal information.

Frequently Asked Questions

What are Data Breach Class Actions?

These are cases filed on behalf of individuals whose personal information was stolen or misappropriated in data breaches.

Common breaches involve the theft of Social Security numbers, banking information, credit card numbers, medical information, or other sensitive information that can be used to commit identity theft.

Data breaches are most often committed by computer hackers. They may also be committed by a company’s own rogue employees.

What Types of Identity Theft Risks Exist?

Identity thieves use stolen personal information to commit a variety of frauds including taking out loans in another person’s name, opening financial accounts in another person’s name, incurring fraudulent credit card charges, filing a fraudulent tax return using the victim’s information, obtaining medical services using the victim’s information, using the victim’s identity to obtain government benefits, obtaining a driver’s license or identification card in the victim’s name but with another person’s picture, or giving false information to police during an arrest.

What Types of Relief are Obtained in Data Breach Class Actions?

Data breach class actions seek many types of relief, including:

  • Reimbursement of identity theft losses;
  • Reimbursement of out-of-pocket costs that victims paid for protective measures such as credit monitoring services, credit reports, credit freezes, etc.;
  • Recovery of overpayment of the purchase price for the company’s products or services where a portion of the purchase price was intended to fund adequate data security;
  • Compensation for time spent responding to the breach;
  • Providing credit monitoring services and identity theft insurance, paid for by the defendant company; and
  • Making improvements to the company’s data security systems.

How Can I Find Out if I am Affected By a Data Breach?

By law, companies subjected to a data breach typically must notify affected individuals about the breach. Notice is often sent by mail or e-mail.

If you receive notice that your personal information was compromised in a data breach, and you are interested in pursuing a class action, please contact us to evaluate your case.

What are Some Examples of Berger Montague’s Data Privacy Cases?

Berger Montague has been involved in many data privacy class actions, including the following:

  1. In re Wawa, Inc. Data Security Litig., No. 19-cv-6019 (E.D. Pa.). Berger Montague serves as Co-Lead Counsel in this data breach class action involving the theft of approximately 30 million credit and debit card numbers by computer hackers. The case is ongoing.
  2. In re: American Medical Collection Agency, Inc. Customer Data Security Breach Litig., MDL 2904, No. 19-md-02904 (D.N.J.). Berger Montague serves on the Plaintiffs’ Steering Committee in this data breach class action against Quest Diagnostics Inc. and Optum 360, LLC. The case is brought on behalf of 11.9 million Quest patients whose sensitive personal information was stolen by computer hackers. The cyber-attack took place at Quest’s collections vendor, American Medical Collection Agency (AMCA). The breach involves Quest patients whose past-due bills were sent to AMCA for collections. Information compromised in the data breach included Social Security numbers, financial information (e.g., bank account information and credit card numbers), medical information, and additional personal information. The case is ongoing.
  3. In re: Capital One Consumer Data Security Breach Litig., MDL 2915, No. 19-md-02915 (E.D. Va.). This case is brought on behalf of 100 million Capital One credit card applicants whose sensitive personal information was stolen by a computer hacker. Information compromised in the breach includes names, addresses, zip codes, phone numbers, email addresses, dates of birth, self-reported income, credit scores, credit limits, balances, payment history, and fragments of transaction data.  The breach also involved Social Security numbers and bank account numbers for a smaller subset of individuals. Berger Montague assists lead counsel. The case is ongoing.
  4. In re: MGM Resorts International Data Breach Litig., No. 20-cv-00376 (D. Nev.). This case involves a data breach affecting 10.6 million guests who stayed at hotels in the MGM Resorts corporate family. Information stolen in the breach included names, addresses, phone numbers, email addresses, and dates of birth. For certain guests, the stolen information also included driver’s license numbers, passport numbers, or military identification numbers. The case is ongoing.
  5. Beckett v. Aetna, Inc., No. 17-cv-03864 (E.D. Pa.). This case involved public disclosure of HIV information.  Aetna mailed letters to 12,000 insureds with the insureds’ HIV medication information visible through a large transparent window on the envelope. The HIV information was accessible to third parties such as family members, roommates, neighbors and mail carriers. The case settled in 2018 shortly after it was filed, resulting in a non-reversionary $17 million fund. Each class member received an automatic payment of $500 without being required to fill out a claim form, and class members were also allowed to submit claims for up to $20,000 for financial or non-financial harm resulting from the disclosure. Berger Montague served as Co-Lead Counsel.
  6. In re: Equifax Inc. Customer Data Security Breach Litig., MDL 2800, No. 17-md-2800 (N.D. Ga.). Hackers stole 147 million Social Security numbers and related personal information from a credit reporting agency. The case settled in 2019 for a non-reversionary common fund totaling $380 million, with a potential additional contribution of $125 million depending on claims rates. Settlement benefits include ten years of free credit monitoring and identity theft insurance; reimbursement of out-of-pocket costs and lost time; and substantial improvements to Equifax’s data security systems (paid for by Equifax separate from the common fund, totaling $1 billion over five years). This is the largest data breach settlement in U.S. history.  Berger Montague assisted lead counsel throughout the litigation.
  7. In re Experian Data Breach Litig., No. 15-cv-01592 (C.D. Cal.). Hackers stole 15 million Social Security numbers and related personal information from Experian, a big-3 credit reporting agency. Many plaintiffs experienced misuse of their personal information after the breach. The litigation was settled in 2019 for benefits valued at over $170 million. The settlement consisted of a $22 million non-reversionary cash fund to reimburse out-of-pocket losses and lost time; two years of free credit monitoring and identity theft insurance; and $11.7 million for Experian’s remedial measures implemented in connection with the lawsuit. The aggregate value of credit monitoring claimed by class members during the claims process exceeded $138 million, based on a $19.99 per month retail value of the service. In approving the settlement, the Court commented that it was an “excellent result” for the class. Berger Montague served on the Plaintiffs’ Executive Committee.
  8. In re: Anthem, Inc. Data Breach Litig., MDL 2617, No. 15-MD-02617 (N.D. Cal.). Hackers stole 80 million insureds’ personal information including Social Security numbers and other sensitive information. Many plaintiffs experienced misuse of their personal information after the breach. The case settled in 2018 for benefits valued at $115 million, representing the then-largest data breach settlement in history. Settlement benefits included reimbursement of identity theft losses and other out-of-pocket costs; credit monitoring services and identity theft insurance for two years, paid for by Anthem; and substantial improvements to Anthem’s data security systems. Berger Montague assisted lead counsel throughout the litigation.
  9. In re: Medical Informatics Engineering, Inc. Customer Data Security Breach Litig., MDL 2667, No. 15-md-02667 (N.D. Ind.). Hackers stole medical and personal information for four million individuals from a medical records company. The case settled in 2018 for benefits including compensation for out of pocket losses and time spent responding to the breach; three years of credit monitoring and identity theft insurance; and improvements to the defendant’s data security practices. Berger Montague assisted lead counsel throughout the litigation.
  10. In re: Heartland Payment Systems, Inc. Customer Data Security Breach Litig., MDL 2046, No. 09-MD-2046 (S.D. Tex.). Hackers stole more than 100 million credit and debit card numbers from a large credit card processor. The case settled in 2011 for a cash fund to reimburse out-of-pocket costs and lost time; and improvements to Heartland’s data security practices. Berger Montague served on the Plaintiffs’ Steering Committee.
  11. In re Countrywide Fin’l. Corp. Customer Data Security Breach Litig., MDL 1998, No. 08-MD-01998-TBR (W.D. Ky.). A Countrywide employee was arrested for stealing and selling Countrywide customers’ Social Security numbers, bank account information and other sensitive data. The case settled in 2010 for benefits including a $6.5 million cash fund to reimburse out-of-pocket losses for 17 million individuals; two years of credit monitoring offered to 1.9 million individuals; and improvements to Countrywide’s data security systems. Berger Montague served on the Plaintiffs’ Executive Committee.
  12. In re Hannaford Bros. Co. Customer Data Sec. Breach Litig., MDL 1954, No. 08-md-01954 (D. Me.). Hackers stole 4 million credit and debit card numbers from a large grocery store chain. The litigation led to groundbreaking appellate law recognizing the availability of damages for out-of-pocket credit monitoring costs and replacement credit card fees. Anderson v. Hannaford Bros. Co., 659 F.3d 151, 167 (1st Cir. 2011). The appellate ruling serves as often-cited precedent in data breach litigation. Berger Montague assisted lead counsel throughout the litigation and on appeal.
  13. In re TJX Cos. Retail Security Breach Litig., MDL No. 1838, No. 07-cv-10162-WGY (D. Mass.). Hackers stole 45 million credit and debit card numbers and 455,000 driver’s license numbers, which in many instances matched Social Security numbers. The breach was the then-largest theft of consumer data in U.S. history. Berger Montague obtained a settlement in 2008 valued at over $200 million, including: (i) two years of credit monitoring and identity theft insurance offered to 455,000 individuals whose driver’s license numbers were exposed; (ii) a $17 million fund offered to 45 million individuals to reimburse out-of-pocket costs and lost time to mitigate or correct actual or potential identity theft and (iii) injunctive relief regarding improvements to TJX’s data security systems. These elements became the template for most subsequent data breach settlements. In approving the settlement, former Chief Judge William Young praised the result as an “excellent settlement” containing “innovative” and “groundbreaking” elements. B&M served as Co-Lead Counsel.

What Qualities Set Berger Montague Apart From Other Class Action Firms?

Berger Montague is the rare class action firm that has tried and won multiple class action jury trials. We have the expertise to bring our cases to trial if meaningful settlements cannot be reached earlier in the litigation.

We are one of the largest class action law firms in the U.S. With more than 60 attorneys, we have resources to staff large and complex cases as well as smaller but equally important matters. Having a deep bench of attorneys is critical to effectively litigating class actions, which generally take several years to resolve.

We have a 50-plus year history, much longer than the vast majority of class action firms. With our thorough understanding of class actions, we litigate our cases from a position of strength, using time-tested insights and proven approaches. Throughout our decades-long history, we have cultivated strong relationships with other class action firms, with whom we partner in most of our cases.

Judicial Praise Regarding Berger Montague’s Data Privacy Cases

 Chief Judge William Young praised the result in our groundbreaking TJX case as an “excellent settlement” containing “innovative” and “groundbreaking” elements. See In re: TJX Cos. Retail Security Breach Litig., 584 F. Supp. 2d 395, 399 n.6 (D. Mass. 2008) (order approving attorneys’ fees); In re: TJX Cos. Retail Security Breach Litig, No. 07-cv-10162-WGY, Dkt. #297 at 6:12 (D. Mass. Sept. 27, 2007) (transcript of preliminary settlement approval hearing).  Details of the TJX case are summarized above.

No Fees Without Recovery

Our data privacy class actions are brought on a contingent fee basis. That means plaintiffs and the class do not pay out-of-pocket attorneys’ fees or litigation costs. Attorneys’ fees and costs are paid from the recovery obtained for the class, subject to court approval.

Contact Us to Inquire About a Data Privacy Class Action

We invite you to contact us about a potential case. Please fill out the contact form to the right. You may also contact our data breach attorneys directly. The department co-chairs, Sherrie Savett and Michelle Drake, can be reached at ssavett@bm.net or emdrake@bm.net. Shareholder Jon Lambiras can be reached at jlambiras@bm.net.