Technology, Privacy & Data Breach

These are cases filed on behalf of individuals whose personal information was stolen or misappropriated in data breaches.

Common breaches involve the theft of Social Security numbers, banking information, credit card numbers, medical information, or other sensitive information that can be used to commit identity theft.

Data breaches are most often committed by computer hackers. They may also be committed by a company’s own rogue employees.

Identity thieves use stolen personal information to commit a variety of frauds including taking out loans in another person’s name, opening financial accounts in another person’s name, incurring fraudulent credit card charges, filing a fraudulent tax return using the victim’s information, obtaining medical services using the victim’s information, using the victim’s identity to obtain government benefits, obtaining a driver’s license or identification card in the victim’s name but with another person’s picture, or giving false information to police during an arrest.

Data breach class actions seek many types of relief, including:

• Reimbursement of identity theft losses;
• Reimbursement of out-of-pocket costs that victims paid for protective measures such as credit monitoring services, credit reports, credit freezes, etc.;
• Recovery of overpayment of the purchase price for the company’s products or services where a portion of the purchase price was intended to fund adequate data security;
• Compensation for time spent responding to the breach;
• Providing credit monitoring services and identity theft insurance, paid for by the defendant company; and
• Making improvements to the company’s data security systems.

By law, companies subjected to a data breach typically must notify affected individuals about the breach. Notice is often sent by mail or e-mail.

If you receive notice that your personal information was compromised in a data breach, and you are interested in pursuing a class action, please contact us to evaluate your case.

Berger Montague has been involved in many data privacy class actions, including the following:

1. In re: MGM Resorts International Data Breach Litig., No. 20-cv-00376 (D. Nev.). Berger Montague serves as Co-Lead Counsel in this data breach class action involving the theft of personal information for up to 200 million guests who stayed at hotels in the MGM Resorts corporate family. Information stolen in the breach included names, addresses, phone numbers, email addresses, dates of birth, and for certain guests, driver’s license numbers, passport numbers, or military identification numbers. The case is ongoing.
2. In re Wawa, Inc. Data Security Litig., No. 19-cv-6019 (E.D. Pa.). Berger Montague serves as Co-Lead Counsel in this data breach class action involving the theft of approximately 30 million credit and debit card numbers by computer hackers. The case has been settled, subject to court approval.
3. In re: American Medical Collection Agency, Inc. Customer Data Security Breach Litig., MDL 2904, No. 19-md-02904 (D.N.J.). Berger Montague serves on the Plaintiffs’ Steering Committee in this data breach class action against Quest Diagnostics Inc. and Optum 360, LLC. The case is brought on behalf of 11.9 million Quest patients whose sensitive personal information was stolen by computer hackers. The cyber-attack took place at Quest’s collections vendor, American Medical Collection Agency (AMCA). The breach involves Quest patients whose past-due bills were sent to AMCA for collections. Information compromised in the data breach included Social Security numbers, financial information (e.g., bank account information and credit card numbers), medical information, and additional personal information. The case is ongoing.
4. In re: Capital One Consumer Data Security Breach Litig., MDL 2915, No. 19-md-02915 (E.D. Va.). This case is brought on behalf of 100 million Capital One credit card applicants whose sensitive personal information was stolen by a computer hacker. Information compromised in the breach includes names, addresses, zip codes, phone numbers, email addresses, dates of birth, self-reported income, credit scores, credit limits, balances, payment history, and fragments of transaction data.  The breach also involved Social Security numbers and bank account numbers for a smaller subset of individuals. Berger Montague assists lead counsel. The case is ongoing.
5. Beckett v. Aetna, Inc., No. 17-cv-03864 (E.D. Pa.). This case involved public disclosure of HIV information.  Aetna mailed letters to 12,000 insureds with the insureds’ HIV medication information visible through a large transparent window on the envelope. The HIV information was accessible to third parties such as family members, roommates, neighbors and mail carriers. The case settled in 2018 shortly after it was filed, resulting in a non-reversionary $17 million fund. Each class member received an automatic payment of $500 without being required to fill out a claim form, and class members were also allowed to submit claims for up to $20,000 for financial or non-financial harm resulting from the disclosure. Berger Montague served as Co-Lead Counsel.
6. In re: Equifax Inc. Customer Data Security Breach Litig., MDL 2800, No. 17-md-2800 (N.D. Ga.). Hackers stole 147 million Social Security numbers and related personal information from a credit reporting agency. The case settled in 2019 for a non-reversionary common fund totaling $380 million, with a potential additional contribution of $125 million depending on claims rates. Settlement benefits include ten years of free credit monitoring and identity theft insurance; reimbursement of out-of-pocket costs and lost time; and substantial improvements to Equifax’s data security systems (paid for by Equifax separate from the common fund, totaling $1 billion over five years). This is the largest data breach settlement in U.S. history.  Berger Montague assisted lead counsel throughout the litigation.
7. In re Experian Data Breach Litig., No. 15-cv-01592 (C.D. Cal.). Hackers stole 15 million Social Security numbers and related personal information from Experian, a big-3 credit reporting agency. Many plaintiffs experienced misuse of their personal information after the breach. The litigation was settled in 2019 for benefits valued at over $170 million. The settlement consisted of a $22 million non-reversionary cash fund to reimburse out-of-pocket losses and lost time; two years of free credit monitoring and identity theft insurance; and $11.7 million for Experian’s remedial measures implemented in connection with the lawsuit. The aggregate value of credit monitoring claimed by class members during the claims process exceeded $138 million, based on a $19.99 per month retail value of the service. In approving the settlement, the Court commented that it was an “excellent result” for the class. Berger Montague served on the Plaintiffs’ Executive Committee.
8. In re: Anthem, Inc. Data Breach Litig., MDL 2617, No. 15-MD-02617 (N.D. Cal.). Hackers stole 80 million insureds’ personal information including Social Security numbers and other sensitive information. Many plaintiffs experienced misuse of their personal information after the breach. The case settled in 2018 for benefits valued at $115 million, representing the then-largest data breach settlement in history. Settlement benefits included reimbursement of identity theft losses and other out-of-pocket costs; credit monitoring services and identity theft insurance for two years, paid for by Anthem; and substantial improvements to Anthem’s data security systems. Berger Montague assisted lead counsel throughout the litigation.
9. In re: Medical Informatics Engineering, Inc. Customer Data Security Breach Litig., MDL 2667, No. 15-md-02667 (N.D. Ind.). Hackers stole medical and personal information for four million individuals from a medical records company. The case settled in 2018 for benefits including compensation for out of pocket losses and time spent responding to the breach; three years of credit monitoring and identity theft insurance; and improvements to the defendant’s data security practices. Berger Montague assisted lead counsel throughout the litigation.
10. In re: Heartland Payment Systems, Inc. Customer Data Security Breach Litig., MDL 2046, No. 09-MD-2046 (S.D. Tex.). Hackers stole more than 100 million credit and debit card numbers from a large credit card processor. The case settled in 2011 for a cash fund to reimburse out-of-pocket costs and lost time; and improvements to Heartland’s data security practices. Berger Montague served on the Plaintiffs’ Steering Committee.
11. In re Countrywide Fin’l. Corp. Customer Data Security Breach Litig., MDL 1998, No. 08-MD-01998-TBR (W.D. Ky.). A Countrywide employee was arrested for stealing and selling Countrywide customers’ Social Security numbers, bank account information and other sensitive data. The case settled in 2010 for benefits including a $6.5 million cash fund to reimburse out-of-pocket losses for 17 million individuals; two years of credit monitoring offered to 1.9 million individuals; and improvements to Countrywide’s data security systems. Berger Montague served on the Plaintiffs’ Executive Committee.
12. In re Hannaford Bros. Co. Customer Data Sec. Breach Litig., MDL 1954, No. 08-md-01954 (D. Me.). Hackers stole 4 million credit and debit card numbers from a large grocery store chain. The litigation led to groundbreaking appellate law recognizing the availability of damages for out-of-pocket credit monitoring costs and replacement credit card fees. Anderson v. Hannaford Bros. Co., 659 F.3d 151, 167 (1st Cir. 2011). The appellate ruling serves as often-cited precedent in data breach litigation. Berger Montague assisted lead counsel throughout the litigation and on appeal.
13. In re TJX Cos. Retail Security Breach Litig., MDL No. 1838, No. 07-cv-10162-WGY (D. Mass.). Hackers stole 45 million credit and debit card numbers and 455,000 driver’s license numbers, which in many instances matched Social Security numbers. The breach was the then-largest theft of consumer data in U.S. history. Berger Montague obtained a settlement in 2008 valued at over $200 million, including: (i) two years of credit monitoring and identity theft insurance offered to 455,000 individuals whose driver’s license numbers were exposed; (ii) a $17 million fund offered to 45 million individuals to reimburse out-of-pocket costs and lost time to mitigate or correct actual or potential identity theft and (iii) injunctive relief regarding improvements to TJX’s data security systems. These elements became the template for most subsequent data breach settlements. In approving the settlement, former Chief Judge William Young praised the result as an “excellent settlement” containing “innovative” and “groundbreaking” elements. B&M served as Co-Lead Counsel.

Berger Montague is the rare class action firm that has tried and won multiple class action jury trials. We have the expertise to bring our cases to trial if meaningful settlements cannot be reached earlier in the litigation.

We are one of the largest class action law firms in the U.S. With more than 60 attorneys, we have resources to staff large and complex cases as well as smaller but equally important matters. Having a deep bench of attorneys is critical to effectively litigating class actions, which generally take several years to resolve.

We have a 50-plus year history, much longer than the vast majority of class action firms. With our thorough understanding of class actions, we litigate our cases from a position of strength, using time-tested insights and proven approaches. Throughout our decades-long history, we have cultivated strong relationships with other class action firms, with whom we partner in most of our cases.