Written By
Edited By : Amy Edel
This page features 10 Cited Research Articles
Fact Checked

Editors carefully fact-check all Consumer Notice, LLC content for accuracy and quality.

Consumer Notice, LLC has a stringent fact-checking process. It starts with our strict sourcing guidelines.

We only gather information from credible sources. This includes peer-reviewed medical journals, reputable media outlets, government reports, court records and interviews with qualified experts.

What Is a Data Breach Lawsuit?

A data breach occurs when certain private online information is accessed illegally. A data breach can result in a lawsuit if an attorney determines that specific criteria are met, including the type of data stolen.

To determine whether to pursue a data breach lawsuit, an attorney must consider the following:
  • Severity and scope of the data breach
  • Whether a statute violation has occurred
  • Available solutions
  • Legal value of the case
  • Any available resources

Despite these strict criteria, some of the biggest data breaches in history have been attached to class-action data breach lawsuits where plaintiffs successfully sued the offending company. Confidential information usually, but not always, contains personal information such as name or address, identification or Social Security numbers, or credit card or banking information.

Types of Data Breaches

The type of information stolen determines whether or not a data breach has occurred. This information varies by state but usually includes an individual’s first name (or initial) and last name, plus personal information such as their driver’s license number, Social Security number, account or credit card numbers. This list is not inclusive; other details may determine whether a data breach occurred.

There are different types of data breaches:
  • Automated Teller Machine Cash Out: These breaches occur when hackers change an ATM's online control settings to enable unlimited funds withdrawal.
  • Corporate Account Takeover: CATO occurs when cyber thieves impersonate a business to send or receive money.
  • Denial of Service and Distributed Denial of Service: DoS and DDoS attacks attempt to shut down a website or online service completely. DDoS attacks do so by overwhelming the site with too much traffic from many different sources.
  • Malware: Malware is a program covertly inserted into an online system to steal data. Spyware is a common type of malware.
  • Man in the Middle: MITM attacks happen when hackers attempt to steal data by inserting themselves into a transaction between two parties.
  • Phishing: Phishing attacks use fake forms of communication, most often email, to trick the receiver into opening the email and following the instructions. Phishing attacks aim to steal sensitive data such as credit card and banking information.
  • Ransomware: Ransomware uses malware to prevent a user from accessing their computer system and data. The ransomware then asks the user to pay a ransom to access their system or data.

Data breaches take many forms, but all attempt to breach online security to steal data. Cyber thieves or hackers may attempt to contact a user directly or may secretly insert a program onto a user’s computer to access data. They may also block access to a user’s data and then request money in exchange for the safe return of that data. Many programs provide data protection against cyberattacks and can be installed directly onto a computer to block attacks.

More than half of the publicly disclosed data breaches that happened worldwide occurred in the United States. The U.S. remains the number one spot worldwide for cyberattacks causing the theft of personal information or data.

How to File a Data Breach Lawsuit

Many people who have had their data stolen can file a data breach lawsuit. The first step in filing a lawsuit is to find an appropriate attorney who is experienced in this type of litigation. An attorney who is knowledgeable regarding the laws around data breaches will be able to determine if you have a claim.

The attorney you choose must also understand the specific laws of your state or region, as data breach laws can vary. All states, however, must notify anyone affected by a security breach that has made their personal data accessible. This data is called “personally identifiable information” and the definition of this data can change by state.

Timing of the data breach is important as well, and there may be deadlines attached to the claim surrounding expenses incurred, fees you have paid and direct losses from the data breach. A well-informed attorney will help you understand any restrictions surrounding your claim.

Major Data Breach Lawsuits

Multiple major data breaches have targeted different industries over the past several years, and lawsuits followed many of these data breaches. Large-scale data breaches have occurred in many sectors and include cyberattacks on banks. In 2022, investment and financial services company Morgan Stanley agreed to pay $60 million in settlements over two breaches that affected 15 million customers.

T-Mobile Data Breach Lawsuit

In a 2021 data breach, millions of T-Mobile customers had personal data stolen, and the stolen information included Social Security numbers and driver’s license numbers, as well as names, phone numbers and addresses.

The theft of this valuable data has resulted in T-Mobile data breach lawsuits. The wireless carrier has agreed to pay settlements in the amount of $350 million to the more than 75 million customers impacted by the event.

Most recently, in 2022, T-Mobile alerted its customers to a data breach that allowed the theft of the personal information of 37 million customers. In this instance, the stolen data did not include Social Security numbers, banking or credit card information, passwords or PINs, and investigations are still underway.

Capital One Data Breach Lawsuit

In 2019, banking institution Capital One experienced one of the largest data breaches in U.S. history when a hacker accessed personal data from millions of banking customers. This data included the bank account number and Social Security numbers of more than 100 million banking customers.

A class-action data breach lawsuit has been initiated against Capital One, proposing that the banking giant create a settlement fund of $190 million. This settlement relief fund is intended to provide cash payments for lost time and out-of-pocket expenses surrounding the Capital One data breach, as well as identity theft and restoration services to affected customers. Capital One has also been asked to implement business security changes to prevent further data breaches.

Equifax Data Breach Lawsuit

In 2019, the Federal Trade Commission opened a complaint against Equifax after the company didn’t properly secure the personal information of its customers. This failure led to a 2017 data breach that exposed the names, dates of birth, Social Security numbers and addresses of approximately 147 million people.

The FTC, the Consumer Protection Bureau and 50 U.S. states and territories have joined the complaint, requesting that Equifax pay at least $575 million in the global data breach settlement. These entities allege that Equifax is responsible for failing to secure the personal information of its customers, despite knowing about security concerns before the breach occurred. The settlement would also ensure that Equifax keeps its customers’ personal data safe and provides years of credit monitoring for affected customers.

Notable Data Breach Settlement Amounts

Within the last decade, there have been multiple large-scale data breaches and data breach lawsuits stemming from these breaches. Settlements have included financial compensation and additional online protection for impacted parties and have required offending companies to implement new security measures. Millions of dollars have been paid out in settlements across the United States and worldwide.

Recent data breach settlements include:
  • Equifax ($575 million)
  • T-Mobile ($350 million)
  • Home Depot ($200 million)
  • Capital One ($190 million)
  • Uber ($148 million)
  • Morgan Stanley ($120 million)
  • Yahoo ($85 million)
  • Target ($18.5 million)

Since 2013, more than 15,000 data breaches have been reported in the United States alone. Multiple data breaches have resulted in settlements in the millions of dollars and triggered warnings and heightened security requirements by the FTC. 

Worldwide, data breach settlements and fines have reached billions of dollars, including one involving the Chinese firm DDI Global. The company was fined the equivalent of $1.9 billion for violating China’s network security, data security and personal information protection laws.

Data breaches remain a public threat. If your personal information has been compromised without your consent, contact an online security professional to ensure your data stays secure. If you think you may be eligible to sue over a data breach, an attorney with experience in data breach settlements can guide your next steps.

Please seek the advice of a qualified professional before making decisions about your health or finances.
Last Modified: April 17, 2023

10 Cited Research Articles

Consumernotice.org adheres to the highest ethical standards for content production and references only credible sources of information, including government reports, interviews with experts, highly regarded nonprofit organizations, peer-reviewed journals, court records and academic organizations. You can learn more about our dedication to relevance, accuracy and transparency by reading our editorial policy.

  1. Capital One. (2023, January 30). Capital One Data Breach Class Action Settlement. Retrieved from https://www.capitalonesettlement.com/en
  2. Venkat, A. (2023, January 20). T-Mobile suffers 8th data breach in less than 5 years. Retrieved from https://www.csoonline.com/article/3686053/t-mobile-suffers-8th-data-breach-in-less-than-5-years.html
  3. Geraldo, R. (2022, October 5). No Prison for Seattle hacker behind Capital One $250M data breach. Retrieved from https://www.seattletimes.com/business/no-prison-for-seattle-hacker-behind-capital-one-250m-data-breach/
  4. Hill, M. (2022, September 12). The 12 biggest data breach fines, penalties, and settlements so far. Retrieved from https://www.csoonline.com/article/3410278/the-biggest-data-breach-fines-penalties-and-settlements-so-far
  5. Fowler, B. (2022, January 24). Data breaches break record in 2021. Retrieved from https://www.cnet.com/news/privacy/record-number-of-data-breaches-reported-in-2021-new-report-says/
  6. Coble, S. (2022, January 5). Morgan Stanley Agrees to Data Breach Settlement. Retrieved from https://www.infosecurity-magazine.com/news/morgan-stanley-agrees-data-breach/
  7. Cipriani, J. (2021, September 9). T-Mobile data breach 2021: Here’s what it means for securing your data. Retrieved from https://www.cnet.com/tech/services-and-software/t-mobile-data-breach-2021-heres-what-it-means-for-securing-your-data/
  8. Federal Trade Commission. (2019, July 22). Equifax to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach. Retrieved from https://www.ftc.gov/news-events/news/press-releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-related-2017-data-breach
  9. Ramakrishnan, S. & Bose, N. (2017, May 23). Target in $18.5 million multi-state settlement over data breach. Retrieved from https://www.reuters.com/article/us-target-cyber-settlement-idUSKBN18J2GH
  10. National Association of Attorneys General. (n.d.). Data Breaches. Retrieved from https://www.naag.org/issues/consumer-protection/consumer-protection-101/privacy/data-breaches/