Data Breach Lawsuit

A data breach occurs when certain private online information is accessed illegally. A data breach can result in a lawsuit if an attorney determines that specific criteria are met, including the type of data stolen.

Despite these strict criteria, some of the biggest data breaches in history have been attached to class-action data breach lawsuits where plaintiffs successfully sued the offending company. Confidential information usually, but not always, contains personal information such as name or address, identification or Social Security numbers, or credit card or banking information.

The type of information stolen determines whether or not a data breach has occurred. This information varies by state but usually includes an individual’s first name (or initial) and last name, plus personal information such as their driver’s license number, Social Security number, account or credit card numbers. This list is not inclusive; other details may determine whether a data breach occurred.

Data breaches take many forms, but all attempt to breach online security to steal data. Cyber thieves or hackers may attempt to contact a user directly or may secretly insert a program onto a user’s computer to access data. They may also block access to a user’s data and then request money in exchange for the safe return of that data. Many programs provide data protection against cyberattacks and can be installed directly onto a computer to block attacks.

More than half of the publicly disclosed data breaches that happened worldwide occurred in the United States. The U.S. remains the number one spot worldwide for cyberattacks causing the theft of personal information or data.

Many people who have had their data stolen can file a data breach lawsuit. The first step in filing a lawsuit is to find an appropriate attorney who is experienced in this type of litigation. An attorney who is knowledgeable regarding the laws around data breaches will be able to determine if you have a claim.

The attorney you choose must also understand the specific laws of your state or region, as data breach laws can vary. All states, however, must notify anyone affected by a security breach that has made their personal data accessible. This data is called “personally identifiable information” and the definition of this data can change by state.

Timing of the data breach is important as well, and there may be deadlines attached to the claim surrounding expenses incurred, fees you have paid and direct losses from the data breach. A well-informed attorney will help you understand any restrictions surrounding your claim.

Multiple major data breaches have targeted different industries over the past several years, and lawsuits followed many of these data breaches. Large-scale data breaches have occurred in many sectors and include cyberattacks on banks. In 2022, investment and financial services company Morgan Stanley agreed to pay $60 million in settlements over two breaches that affected 15 million customers.

In a 2021 data breach, millions of T-Mobile customers had personal data stolen, and the stolen information included Social Security numbers and driver’s license numbers, as well as names, phone numbers and addresses.

The theft of this valuable data has resulted in T-Mobile data breach lawsuits. The wireless carrier has agreed to pay settlements in the amount of $350 million to the more than 75 million customers impacted by the event.

Most recently, in 2022, T-Mobile alerted its customers to a data breach that allowed the theft of the personal information of 37 million customers. In this instance, the stolen data did not include Social Security numbers, banking or credit card information, passwords or PINs, and investigations are still underway.

In 2019, banking institution Capital One experienced one of the largest data breaches in U.S. history when a hacker accessed personal data from millions of banking customers. This data included the bank account number and Social Security numbers of more than 100 million banking customers.

A class-action data breach lawsuit has been initiated against Capital One, proposing that the banking giant create a settlement fund of $190 million. This settlement relief fund is intended to provide cash payments for lost time and out-of-pocket expenses surrounding the Capital One data breach, as well as identity theft and restoration services to affected customers. Capital One has also been asked to implement business security changes to prevent further data breaches.

In 2019, the Federal Trade Commission opened a complaint against Equifax after the company didn’t properly secure the personal information of its customers. This failure led to a 2017 data breach that exposed the names, dates of birth, Social Security numbers and addresses of approximately 147 million people.

The FTC, the Consumer Protection Bureau and 50 U.S. states and territories have joined the complaint, requesting that Equifax pay at least $575 million in the global data breach settlement. These entities allege that Equifax is responsible for failing to secure the personal information of its customers, despite knowing about security concerns before the breach occurred. The settlement would also ensure that Equifax keeps its customers’ personal data safe and provides years of credit monitoring for affected customers.

Within the last decade, there have been multiple large-scale data breaches and data breach lawsuits stemming from these breaches. Settlements have included financial compensation and additional online protection for impacted parties and have required offending companies to implement new security measures. Millions of dollars have been paid out in settlements across the United States and worldwide.

Since 2013, more than 15,000 data breaches have been reported in the United States alone. Multiple data breaches have resulted in settlements in the millions of dollars and triggered warnings and heightened security requirements by the FTC. 

Worldwide, data breach settlements and fines have reached billions of dollars, including one involving the Chinese firm DDI Global. The company was fined the equivalent of $1.9 billion for violating China’s network security, data security and personal information protection laws.

Data breaches remain a public threat. If your personal information has been compromised without your consent, contact an online security professional to ensure your data stays secure. If you think you may be eligible to sue over a data breach, an attorney with experience in data breach settlements can guide your next steps.