Data Breach Lawsuits & Investigations
Every year, hundreds of millions of people are affected by data breaches that can leave them vulnerable to identity theft, credit damage, reputational harm and more.
Class action lawsuits remain one of the strongest ways to hold companies accountable for leaving consumers’, employees’ and patients’ private information unprotected. Indeed, some have resulted in multi-million-dollar settlements on behalf of those who – through no fault of their own – had their information stolen and, in the worst cases, even published on the dark web.
When a data breach lawsuit is successful, it can also require the company at fault to implement new security protocols to ensure the information it is entrusted with – medical, financial and otherwise – stays safe.
Got a data breach notice?
Scroll down to see the list of data breaches attorneys working with ClassAction.org are currently investigating. If you see one that looks familiar, click through to learn more about the breach and what you can do to potentially help get a class action lawsuit started.
And remember – don’t throw your notice away! It essentially serves as proof that you were affected by a specific security incident and can be vital if you choose to take legal action for the harm you suffered.
We update this page often with new data breach investigations, so make sure to bookmark it and come back regularly. You can also sign up for our free newsletter, which is sent on a weekly basis and includes our latest data breach alerts.
Featured Data Breaches
East River Medical Imaging reported that thousands of its patients and employees had their sensitive information exposed in a September 2023 data breach.
In November 2023, Warren General Hospital reported a data breach that affected thousands of patients and employees.
Mission Community Hospital in California's San Fernando Valley is notifying patients of a data security incident that may have exposed their personal and medical information.
Join the Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Data Breach FAQs
I got a data breach notification. Does this definitely mean my info is being used fraudulently?
Not necessarily. When a company experiences a data breach, state law requires that it notify affected individuals. Receiving a letter does not automatically mean that your personal information is being used fraudulently – it just means your information was exposed in a data security incident and has the potential for being misused.
What should I do if I get a data breach letter?
If you get a data breach notice, make sure to read it closely. It should contain information on what happened, what information was involved, what the company is doing about it, steps you can take to protect yourself, and how you can get more information.
Some companies may offer free credit and/or identity theft monitoring for a period of time following a data breach, and the notice should include instructions on how to sign up. If you’re offered free monitoring, take advantage of it; signing up should not affect any legal claim you may have against the company.
Importantly, if you get a data breach letter, don’t throw it out! If you are interested in helping any of the investigations listed on this page, attorneys will want to see the letter you received.
Why do attorneys need to see my data breach notice?
Attorneys working with ClassAction.org are specifically looking to hear from people with a data breach notice because it essentially serves as proof that the individual was a victim of the incident and makes for a stronger legal claim.
So, I can sue over a data breach?
Yes. If your data was exposed in a security incident, you may be able to sue the company or companies responsible. Dozens of data breach class action lawsuits are filed each month, and this number only continues to increase. You can check out the proposed data breach class actions we’ve covered recently over on our newswire.
Can you give me an example of a data breach notification letter?
Absolutely. Here is an example of one sent to Forever 21 employees following a massive data breach that occurred in March 2023. This is the letter sent to consumers affected by the MAPFRE insurance data breach in late August 2023. In some cases, notices may be sent via email.
What if I never heard of the company that sent me a data breach notice?
It’s important to note that, in rare cases, you may not recognize the company sending the letter, but this does not mean it was sent in error.
For instance, a May 2023 data incident affecting a popular file transfer tool caused millions of individuals to have their information exposed. In this instance, many of the data breach letters were sent by a third-party vendor of the affected companies. For example, PBI Research Services sent this letter to customers of Corebridge Financial.
What if I threw my data breach notice out?
It’s important that, if you receive any data breach notice, you do not throw it out. If you’ve already done so, you may want to check the company’s website for their official notice of the breach – it should include the same information that was in your notice. You may also want to check the post for a dedicated number consumers can call with questions about the security incident. It’s worth a call to see if they can resend your notice, but this may not be possible.
What if I think I’m affected but haven’t received a notice?
Notices aren’t always sent immediately after a breach hits the news, so you may just have to be patient. Otherwise, you can check the company’s website to see if they’ve posted a notice about the breach – it may contain a number you can call with questions. They should, at the very least, be able to answer when notices are expected to go out and may also be able to confirm whether you were affected.
Be sure to bookmark our page and come back to it if you believe you’ve been affected by a data breach listed below but haven’t received a notice yet.
What kind of damages can I claim for a data breach?
In general, data breach victims can seek compensation for lost time responding to the incident, out-of-pocket costs related to the breach and loss of privacy.
Depending on the specifics of the data breach, out-of-pocket costs may include some of the following: money spent on preventative measures, such as identity theft and/or credit monitoring; service fees to replace stolen cards; money spent on credit reports and/or credit freezes; the costs associated with obtaining background checks or medical records; increased health insurance costs; and money lost via fraudulent transactions, fraudulent medical bills or stolen tax refunds.
Further damages may become available depending on the type of information exposed. For instance, if a person’s health data is leaked, they may be able to recover money for reputational damage if they are denied medical care or insurance coverage. Likewise, a person whose Social Security number is exposed may be able to recover money for damage to their credit.
How much can I claim in a data breach settlement?
How much you can claim in any data breach settlement will depend on a number of factors, including the specifics of the settlement, the amount of time you spent responding to the incident, the type and total amount of your out-of-pocket expenses, and how many claims are filed. There are never any guarantees as to whether a data breach lawsuit will be successful or how much they could provide to consumers; however, some of the largest data breach settlements obtained via class action lawsuits include a $350 million deal with T-Mobile and a $190 million deal with Capital One.
I’m looking for data breach class action settlements. Where can I find those?
We post class action settlements, including those involving data breaches, over on this page.
How do I know if I was part of a data breach?
If you were affected by a data breach, you should receive a notice via email or regular mail about the incident and what information may have been exposed. All 50 states require that businesses and governments alert consumers if their personal information is breached.
Anything else I should know?
If you’re interested in starting a class action lawsuit, you should know that those who elect to serve as a lead plaintiff are generally entitled to what’s known as a “service award” – that is, an additional payment for their help with the case. Typically, the lead plaintiff in a data breach case does not need to be involved as much as they would in other types of lawsuits. Depositions in these types of class actions are rare, and little documentation and information – aside from the initial data breach notice – is needed.
Plus, if you elect to serve as a lead plaintiff, you can feel good that you’re working to hold a company legally accountable for failing to protect the private information of potentially hundreds of thousands of individuals.
Received a notice but don’t see the breach listed here? Tell us about it using this form.
East River Medical Imaging reported that thousands of its patients and employees had their sensitive information exposed in a September 2023 data breach.
United Regional Health Care System in Wichita Falls, Texas announced a data breach that may have exposed nearly 37,000 individuals' personal and medical information.
Japanese electronics company Alps Alpine reported that its North American subsidiary was affected by a data breach that exposed employees' personal information.
Nonprofit organization Big Brothers Big Sisters of America reported a March 2023 data breach that may have exposed thousands of consumers' personal, financial and medical information.
Mission Community Hospital in California's San Fernando Valley is notifying patients of a data security incident that may have exposed their personal and medical information.
NSC Technologies is notifying employees and applicants that their personal information was exposed in a data breach it experienced in June 2023.
Medical College of Wisconsin reported that patients' personal and medical information was exposed during the massive MOVEit data breach in May 2023.
In November 2023, Warren General Hospital reported a data breach that affected thousands of patients and employees.
Midlothian, Texas pharmacy U.S. Drug Mart reported that it experienced a data breach that may have compromised consumers' personal and medical information.
Rusnak Auto Group announced a data breach that may have exposed consumers' names and Social Security numbers between June 13 and June 16, 2023.
Tri Counties Bank reported that in February 2023, an unauthorized party may have gained access to personal information belonging to customers and employees, among others.
In November 2023, Stanley Steemer reported a hacking incident that has exposed the private information of thousands of individuals.
MESVision and Gerber Life Insurance Company are sending notices to nearly 27,000 individuals whose personal and health insurance information may have been exposed in a 2023 data breach affecting a widely used file transfer system known as MOVEIt.
Synergy Healthcare Services reported that a data breach may have exposed personal and health information of patients and others affiliated with certain long-term care providers.
Financial Asset Management Systems is reporting a late March 2023 security incident that allowed certain information stored on its network to be obtained by an unauthorized party.
Pacific Union College reported that over 56,000 individuals' personal and financial information was compromised in a data breach that occurred between March 5 and 19, 2023.
CRC Insurance Services reported that in January 2023, an unauthorized party may have gained access to personal and health information belonging to consumers associated with its insurance carrier and agency partners.
Deer Oaks is notifying consumers that their protected health information may have been accessed without authorization during a security incident discovered in early September.
Georgia Northside Ear, Nose, and Throat began notifying patients in September 2023 that their personal and medical information was exposed in a data breach discovered in August of this year.
Peerstar LLC announced a data breach during which an unauthorized third party may have accessed the personal and health information of more than 11,000 patients between February 22 and March 3, 2023.
Atlas Healthcare announced that personal information belonging to over 10,000 residents of three of its Connecticut assisted living facilities was exposed in a data breach in January 2023.
Ben E. Keith Company reported in October 2023 that consumers’ names and Social Security numbers were exposed in a data breach it experienced earlier this year.
Pension Benefit Information is notifying Nassau Life and Annuity customers that their personal information may have been exposed in the massive MOVEit data breach that occurred in late May 2023.
Pension Benefit Information reported in August 2023 that the massive MOVEit data breach impacted consumers affiliated with Consolidated Edison Company of New York (ConEd).
Around August 29, 2023, Cornwell Quality Tools began sending out notice of a data breach that reportedly impacted 11,884 individuals.
In September 2023, Texas Medical Liability Trust reported that a breach of its systems may have compromised the data of nearly 60,000 individuals.
Vi Living reported in September 2023 that an unauthorized party accessed consumers' personal information during a March data breach.
Data Media Associates began notifying patients in August 2023 that their personal and health information was exposed in a data breach it discovered in early June of this year.
In October 2023, Lennar Corporation reported a hacking incident that affected thousands of individuals.