Data Breach Lawsuits & Investigations
Every year, hundreds of millions of people are affected by data breaches that can leave them vulnerable to identity theft, credit damage, reputational harm and more.
Class action lawsuits remain one of the strongest ways to hold companies accountable for leaving consumers’, employees’ and patients’ private information unprotected. Indeed, some have resulted in multi-million-dollar settlements on behalf of those who – through no fault of their own – had their information stolen and, in the worst cases, even published on the dark web.
When a data breach lawsuit is successful, it can also require the company at fault to implement new security protocols to ensure the information it is entrusted with – medical, financial and otherwise – stays safe.
Got a data breach notice?
Scroll down to see the list of data breaches attorneys working with ClassAction.org are currently investigating. If you see one that looks familiar, click through to learn more about the breach and what you can do to potentially help get a class action lawsuit started.
And remember – don’t throw your notice away! It essentially serves as proof that you were affected by a specific security incident and can be vital if you choose to take legal action for the harm you suffered.
We update this page often with new data breach investigations, so make sure to bookmark it and come back regularly. You can also sign up for our free newsletter, which is sent on a weekly basis and includes our latest data breach alerts.
Received a notice but don’t see the breach listed here? Tell us about it using this form.
Featured Data Breaches
LexisNexis Risk Solutions has reported a December 2024 data breach at a third-party software development platform that affected over 340,000 people.
UChicago Medicine Medical Group is informing individuals that their personal information may have been compromised in a security incident affecting third-party vendor Nationwide Recovery Services.
Texas financial institution American National Bank & Trust has reported a January 2025 data breach that exposed personal, financial and medical information.
Berkeley Research Group Data Breach
April 2025
Berkeley Research Group has reportedly experienced a cyberattack that may have impacted claims information of clergy sexual abuse survivors.
Orthopaedic Specialists of Connecticut is notifying current and former patients about a March 2025 data breach that may have exposed personal and medical information.
Laboratory Services Cooperative Data Breach
April 2025
Laboratory Services Cooperative (LSC) has reported a massive data breach that may have impacted LSC employees and people who visited certain Planned Parenthood centers and received or were referred for lab tests.
Recent Data Breaches
Received a notice but don’t see the breach listed here? Tell us about it using this form.
Lanigan Ryan Data Breach
May 2025
Accounting and advisory firm Lanigan Ryan is notifying individuals whose personal information was exposed in a December 2024 data breach.
UChicago Medicine Medical Group is informing individuals that their personal information may have been compromised in a security incident affecting third-party vendor Nationwide Recovery Services.
LexisNexis Risk Solutions has reported a December 2024 data breach at a third-party software development platform that affected over 340,000 people.
Texas financial institution American National Bank & Trust has reported a January 2025 data breach that exposed personal, financial and medical information.
California law firm Kronick Moskovitz Tiedemann & Girard has reported a data breach impacting the personal information of more than 24,000 individuals.
The Cooper Health System Data Breach
May 2025
The Cooper Health System, which operates hospitals, urgent care centers and outpatient offices in New Jersey, has reported a data breach impacting over 50,000 people.
North Carolina-based Pinehurst Radiology Associates has reported that a data breach may have exposed patient data, including treatment details and diagnoses.
Ruffolo, Hooper & Associates, MD, PA, a physician-owned medical practice in Florida that offers anatomic and clinical pathology services, is notifying individuals about a data incident affecting Nationwide Recovery Services (NRS), a third-party vendor.
Alera Group Data Breach
May 2025
More than 10,000 people are reportedly affected by a mid-2024 data breach at Alera Group, Inc., a national insurance and financial services firm.
Branhaven Motors Inc. Data Breach
May 2025
Branhaven Motors Inc., which operates the Branhaven Chrysler Dodge Jeep Ram dealership in Branford, Connecticut, has reported a data breach involving unauthorized access to its computer systems between September 9 and September 10, 2024.
Casner & Edwards, LLP Data Breach
May 2025
Nearly 13,000 individuals are reportedly affected by a March 2024 data breach at Boston-based Casner & Edwards, LLP.
United Food and Commercial Workers International Union (UFCW) has reported that unauthorized access to its email environment in early 2025 may have compromised personal information.
On May 19, 2025, Community Hospital of Anaconda, located in Montana, announced a data breach involving personal and protected health information.
Massachusetts-based Community Counseling of Bristol County, Inc. (CCBC) is sending notice letters about a May 2024 data breach that may have impacted more than 45,000 individuals.
Radiology Chartered Data Breach
May 2025
Radiology Chartered of Green Bay, Wisconsin has reported that personal information was affected by a data breach at vendor Nationwide Recovery Services.
Balance Autism Data Breach
May 2025
Iowa-based Balance Autism is providing notice of a 2025 data breach that may have exposed personal information.
Compassion Health Care Data Breach
May 2025
A March 2025 data breach at North Carolina medical provider Compassion Health Care, Inc. has reportedly exposed sensitive details of patients, employees and vendors.
Pennsylvania Farm Bureau Data Breach
May 2025
Pennsylvania Farm Bureau is notifying individuals affected by a December 2024 data breach that exposed Social Security numbers, financial details and more.
Communications Data Group, a billing vendor for Kentucky internet and phone service provider Duo Broadband, is notifying Duo customers affected by a data breach.
Coinbase Data Breach
May 2025
Crypto giant Coinbase recently reported that cybercriminals gained access to customers' personal information by bribing overseas support employees to copy data.
TV Guide Magazine Data Breach
May 2025
TV Guide Magazine is notifying individuals about an October 2024 data breach that may have exposed personal information, including Social Security numbers.
Hunter Health Clinic Data Breach
May 2025
More than 30,000 individuals may have had their personal, medical and financial information exposed in a data breach affecting Wichita, Kansas-based Hunter Health Clinic.
EB Archbald & Associates, Inc., which specializes in energy production accounting services for oil and gas producers, has reported a ransomware attack that potentially exposed personal information.
Oklahoma-based CardioVascular Health Clinic has reported an early 2025 data breach that may have exposed personal, medical and financial information.
MBE CPAs, LLP Data Breach
May 2025
Accounting firm MBE CPAs is alerting individuals to a data breach that may have exposed financial information.
MedicareCompareUSA Data Breach
May 2025
MedicareCompareUSA customers and brokers may have been affected by a November 2024 data breach that exposed personal, financial and insurance information.
Oxford Life Insurance Company is notifying policyholders, claimants and insurance agents who may be affected by a February 2025 data breach.
Berkeley Research Group Data Breach
April 2025
Berkeley Research Group has reportedly experienced a cyberattack that may have impacted claims information of clergy sexual abuse survivors.
Wilson Automotive Data Breach
May 2025
Wilson Automotive, which operates auto dealerships across the Southwest, has reported that several locations were affected by an August 2024 data breach.
WaterStreet Company Data Breach
May 2025
WaterStreet Company, which provides software and services in the insurance industry, is notifying individuals affected by a March 2025 data breach.
SogoTrade Data Breach
May 2025
SogoTrade is sending notice of a May 2024 data breach that reportedly impacted over 48,600 people.
The Savannah neurosurgical practice has reported that a data breach may have impacted more than 32,000 individuals and exposed personal and medical information.
DermCare Management Data Breach
May 2025
DermCare Management, a dermatology practice management company, has reported a data breach that may have exposed the personal information of its partners' patients.
Starkville Utilities Data Breach
May 2025
Mississippi-based Starkville Utilities is alerting people about a 2024 data breach that impacted more than 11,500 people and potentially exposed personal information.
Sonrisas Dental Health Data Breach
May 2025
Sonrisas Dental Health, which serves San Mateo County in California, is reporting that a data breach may have exposed information belonging to both patients and employees.
GeoLogics Corporation Data Breach
May 2025
GeoLogics Corporation is sending notice of a December 2023 data breach that may have compromised the personal information of nearly 12,000 people.
Community Capital Management is notifying individuals of a data breach that exposed personal information, including Social Security numbers.
Brainard Surgery Center Data Breach
April 2025
Brainard Surgery Center is notifying individuals whose personal information may have been exposed in a data breach.
Scrubs & Beyond Data Breach
May 2025
Healthcare apparel company Scrubs & Beyond, which does business as Kindthread, is notifying individuals about a June 2024 data breach.
iHeartMedia Data Breach
April 2025
iHeartMedia is notifying individuals about a December 2024 data breach that may have exposed personal data.
Orthopaedic Specialists of Connecticut is notifying current and former patients about a March 2025 data breach that may have exposed personal and medical information.
Inova Data Breach
April 2025
Inova, a human resources and payroll services provider, is notifying individuals affected by a data breach that may have exposed Social Security numbers.
DRH Health Data Breach
April 2025
DRH Health, which operates two hospitals and 20 provider clinics in Oklahoma, is notifying patients about a data breach at its third-party vendor Nationwide Recovery Services.
Boston Medical Center Health System is notifying individuals of a data breach that involved unauthorized access to their BMC user accounts and exposed personal information.
Palo Verde Hospital Data Breach
April 2025
In March 2025, Palo Verde Hospital experienced a data breach that may have compromised patients’ personal information, medical data and more.
American Standard Data Breach
April 2025
Kitchen and bath fixture manufacturer American Standard has reported a data breach that may have exposed Social Security numbers.
Adkore Staffing Group Data Breach
April 2025
Adkore Staffing Group, a skilled labor staffing company headquartered in Overland Park, Kansas, is notifying individuals affected by a September 2024 data breach.
Best Collateral Data Breach
March 2025
California pawn shop operator Best Collateral is sending notice of a data breach that potentially exposed customers’ and employees’ personal information.
Arkansas Heart Hospital Data Breach
March 2025
Arkansas Heart Hospital, based in Little Rock, is working to notify patients of an early 2025 data breach involving unauthorized access to information within electronic medical records.
Alternate Solutions Health Network is notifying patients of a data breach that may have exposed their personal and health information.
Horizon Behavioral Health Data Breach
April 2025
Horizon Behavioral Health is notifying individuals that their personal information may have been exposed during a March 2025 ransomware attack.
Endue Software, a vendor used by Rheumatology Associates of Baltimore, is notifying patients whose information was exposed in a February 2025 data breach.
Onsite Mammography Data Breach
April 2025
More than 357,000 patients may have had their personal information exposed in a data breach at Onsite Mammography.
Fundamental Administrative Services, which operates healthcare facilities across the country, has reported that a months-long data breach of its computer network compromised personal, medical and financial information.
Bell Ambulance Data Breach
April 2025
Bell Ambulance has reported unauthorized access to its computer network in a data breach that impacted 114,000 individuals.
Mt. Baker Imaging and Northwest Radiologists announced a January 2025 data breach that may have exposed individuals’ personal and health information.
Claxton-Hepburn Medical Center Data Breach
April 2025
Patients at Claxton-Hepburn Medical Center and Carthage Area Hospital in New York are receiving notice of an August 2023 data breach that may have exposed personal and medical information.
Financial Plus Credit Union Data Breach
April 2025
Financial Plus Credit Union members are receiving notice of a December 2023 data breach that targeted account statement provider Doxim and may have impacted their private information.
Intealth Data Breach
April 2025
Intealth, which provides services to support the training and education of healthcare professionals, is notifying individuals affected by an April 2024 data breach.
The Hertz Corporation Data Breach
April 2025
Hertz is notifying individuals associated with its car rental brands, which include Dollar and Thrifty, about a data breach involving a third-party file transfer platform.
Minyard Morris Data Breach
April 2025
Minyard Morris, a family law firm in Newport Beach, California, reported that a June 2024 data breach may have compromised Social Security numbers, financial details, medical information and more.
Qmatic Data Breach
April 2025
A December 2024 data breach at Qmatic may have compromised individuals’ personal information, including Social Security numbers.
Legends International Data Breach
April 2025
Legends International, LLC is reporting that a 2024 data breach may have exposed personal information belonging to those who worked at or visited a venue managed by the live events company.
Home Telecom Data Breach
April 2025
Home Telecom is notifying customers of a data breach that may have exposed their names, addresses and Social Security numbers.
Vitruvian Health Data Breach
April 2025
Vitruvian Health is notifying patients who may have had their private information exposed in a July 2024 data breach that targeted a third-party collection agency.
Conduent Data Breach
April 2025
Conduent, a business solutions provider whose clients include government agencies in 46 states, reported a January 2025 data breach that reportedly exposed a significant amount of personal information.
CIO Partners Data Breach
April 2025
Recruiting firms CIO Partners and Talentric have reported a data breach that may have compromised Social Security numbers and more.
Business Insurance Services, Inc Data Breach
April 2025
Hawaii-based Business Insurance Services, Inc. has reported that an unauthorized individual gained access to its systems twice and potentially acquired the personal information of certain customers.
Cabot Medical Care Data Breach
April 2025
Cabot Medical Care is notifying patients of an early 2025 data breach that may have compromised their sensitive information.
Endue Software Data Breach
April 2025
Endue Software, which provides software to assist clients in managing infusion care across the country, has reported that a February 2025 data breach may have exposed the personal information of more than 118,000 individuals.
Whitman Hospital & Medical Clinics, which has locations throughout Southeast Washington, is notifying patients and health plan members affected by a recent data breach.
Alabama Ophthalmology Associates Data Breach
April 2025
Alabama Ophthalmology Associates is notifying current and former patients whose information was exposed in a January 2025 data breach.
Family Centers, Inc. Data Breach
March 2025
Family Centers, Inc., located in Greenwich, Connecticut, has reported a data breach involving personal and medical information to the U.S. Department of Health and Human Services.
Gilead Sciences Data Breach
April 2025
Trusaic, which provides compliance and reporting services to Gilead Sciences, is notifying individuals whose Social Security numbers were exposed in the shipping labels of 1095-C tax forms mailed in February 2025.
Unity National Bank of Houston Data Breach
April 2025
Unity National Bank of Houston has reported that a July 2024 data beach may have exposed customer data.
Laboratory Services Cooperative Data Breach
April 2025
Laboratory Services Cooperative (LSC) has reported a massive data breach that may have impacted LSC employees and people who visited certain Planned Parenthood centers and received or were referred for lab tests.
Personnel Decisions Research Institutes, LLC (PDRI), a talent management consulting firm and subsidiary of Pearson, has reported a data security incident involving unauthorized system activity.
ProSearch Strategies Data Breach
April 2025
A data breach detected by ProSearch on January 27, 2025 may have compromised Social Security numbers, financial account information and more.
Tempel Steel Company Data Breach
April 2025
Tempel Steel Company, LLC has announced that a February 2025 data breach may have exposed information belonging to participants of its health and welfare plan.
Veristat Data Breach
April 2025
Veristat, a contract research organization and consultancy, has reported a data breach that may have exposed Social Security numbers and driver's licenses.
Davenport & Company LLC Data Breach
April 2025
Davenport & Company LLC, which offers wealth management and financial advisory services, has reported a data breach involving sensitive personal information.
Salus Group Data Breach
April 2025
Benefits Partner, LLC, an insurance agency doing business as Salus Group, has reported an October 2024 data breach involving an employee email account.
Port of Seattle Data Breach
April 2025
The Port of Seattle, which operates the city's airport and seaport, is sending notice of an August 2024 ransomware attack that exposed employee and contractor information.
KMAM Management Data Breach
March 2025
Karl Malone Auto Group has reported an August 2024 data breach that may have compromised Social Security numbers and driver's license numbers.
Harcourts Prime Properties Data Breach
April 2025
Real estate company Harcourts Prime Properties is sending notice of a data breach that may have impacted agents’ private information.
SoloPoint Solutions, Inc. Data Breach
April 2025
Engineering recruiting firm SoloPoint Solutions, Inc. has reported that a recent data breach may have exposed employee records from human resources files.
Rödl Management, Inc. Data Breach
April 2025
Rödl & Partner, a professional services firm, is notifying individuals whose sensitive personal information may have been exposed in an early 2024 data breach.
Community Dental Care Data Breach
April 2025
Minnesota-based Community Dental Care is notifying patients and employees about a December 2024 data breach that may have exposed their personal information.
Special Tree Data Breach
March 2025
Special Tree, a neurorehabilitation provider in Romulus, Michigan, has reported a data breach that may have compromised personal information, including Social Security numbers.
Georgia Urology Data Breach
April 2025
More than 12,000 individuals were reportedly affected by a data breach that targeted Georgia Urology.
Ciuni & Panichi Data Breach
April 2025
Ciuni & Panichi, Inc., an Ohio firm providing tax, accounting and business advisory services, has reported a data breach that may have exposed personal details including Social Security numbers.
Northwest Retirement Plan Consultants Data Breach
February 2025
Northwest Retirement Plan Consultants, LLC, which provides retirement plan services, is notifying individuals about an August 2024 data breach that may have exposed personal data.
Mercer County Joint Township Community Hospital is sending notice to those whose private data may have been compromised during an April 2024 data breach.
California labor union United Domestic Workers of America, AFSCME Local 3930 has reported that an early 2025 security incident may have exposed internal human resources data.
Oracle Health Data Breach
March 2025
Reports have surfaced that a data breach at Oracle Health, which provides software for hospitals and other healthcare providers, may have exposed patient data.
An ex-University of Michigan assistant football coach has been charged with hacking the private accounts of thousands of student-athletes.
Chord Specialty Dental Partners Data Breach
March 2025
Dental support organization Chord Specialty Dental Partners has reported that a 2024 data breach may have exposed personal, medical and financial details.
Pacific Residential Mortgage Data Breach
March 2025
Pacific Residential Mortgage is notifying individuals that their private information may have been exposed in a data breach.
AOD Federal Credit Union Data Breach
March 2025
Alabama-based AOD Federal Credit Union has reported an August 2024 data breach that may have exposed personal and financial information.
Concord Orthopaedics Data Breach
March 2025
A data breach at a third-party vendor may have exposed personal and health information of Concord Orthopaedics patients.


Join the Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Data Breach FAQs
What is a data breach?
A data breach is a cybersecurity incident whereby an unauthorized party or parties gain access to sensitive, protected and/or confidential information belonging to an individual or organization.
The information stolen or compromised in a data breach can include, but may not be limited to, names, email addresses, physical addresses, passwords, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, credit card numbers, debit card numbers, CVV numbers, medical information, diagnoses, health insurance information, biometric data, and taxpayer ID numbers. Data breaches also may involve sensitive business information, trade secrets or national security matters.
The causes of a data breach, sometimes called a cyberattack, can include software vulnerabilities, email-based phishing attempts, ransomware, accidental disclosure, access improperly given to computer systems, a lack of encryption, or hacking perpetrated by cybercriminals.
I got a data breach notification. Does this definitely mean my info is being used fraudulently?
Not necessarily. When a company experiences a data breach, state law requires that it notify affected individuals. Receiving a letter does not automatically mean that your personal information is being used fraudulently – it just means your information was exposed in a data security incident and has the potential for being misused.
If your Social Security number is involved in a data breach, you’ll want to monitor and check your credit report and financial accounts for any signs of identity theft. Warning signs of identity theft can include withdrawals from your bank account that you can’t explain, missing bills or other mail, contact from debt collectors you don’t recognize, unfamiliar charges on your debit/credit cards, and unfamiliar accounts or charges on your credit report.
If your identity is in fact stolen from a data breach, report it to the Federal Trade Commission on IdentityTheft.gov and receive a personalized recovery plan.
To help protect yourself from identity theft, you can contact each of the three major credit bureaus—Equifax, Experian and TransUnion—to place a credit freeze on your credit report. A credit freeze will restrict access to your credit information and prevent anyone from opening a new credit account in your name.
Freezing your credit in the event of a data breach does not harm your credit score and will stay in place on your credit report until you decide to lift it.
In addition, you can also place a fraud alert on your credit reports, which alerts businesses to check with you before any new account is opened in your name. However, unlike a credit freeze, a fraud alert does not prevent businesses from seeing your credit report data, the FTC says.
Anyone who is concerned about identity theft can place an initial fraud alert on their credit report for free. To do this online, visit the Equifax, Experian or TransUnion website; you don’t have to contact all three. An initial fraud alert typically lasts for one year and can be renewed should a consumer opt to do so.
Another, more serious form of identity theft protection in the event of a data breach is an extended fraud alert, which, like an initial fraud alert, requires a business to contact you before any new credit is issued in your name. To create an extended fraud alert, you must have experienced identity theft and completed an FTC identity theft report or filed a police report.
An extended fraud alert will exist on your credit report for seven years, after which it can be renewed so long as an FTC identity theft or police report is resubmitted. An extended fraud alert can also be set up online through Equifax, Experian or TransUnion.
What should I do if I get a data breach letter?
If you get a data breach notice, make sure to read it closely. It should contain information on what happened, what information was involved, what the company is doing about it, steps you can take to protect yourself, and how you can get more information.
Some companies may offer free credit and/or identity theft monitoring for a period of time following a data breach, and the notice should include instructions on how to sign up. If you’re offered free monitoring, take advantage of it; signing up should not affect any legal claim you may have against the company.
Importantly, if you get a data breach letter, don’t throw it out! If you are interested in helping any of the investigations listed on this page, attorneys will want to see the letter you received.
Why do attorneys need to see my data breach notice?
Attorneys working with ClassAction.org are specifically looking to hear from people with a data breach notice because it essentially serves as proof that the individual was a victim of the incident and makes for a stronger legal claim.
So, I can sue over a data breach?
Yes. If your data was exposed in a security incident, you may be able to sue the company or companies responsible. Dozens of data breach class action lawsuits are filed each month, and this number only continues to increase. You can check out the proposed data breach class actions we’ve covered recently over on our newswire.
How do I know if a data breach letter is legitimate?
To verify whether a data breach notice letter you received is real, the first step is to Google the company name, along with the words “data breach.” More often than not, the search results, which may include news articles, will reveal whether the data breach letter in your possession stems from a real-world cyberattack.
You can also check ClassAction.org directly to see if we’ve reported on the data breach, though it’s important to note that we do not cover every incident.
If you are unsure of whether a data breach notice is legit, contact the company directly through a verified channel to confirm the data breach. Many times, companies post data breach notices on their websites.
Generally, a data breach notice you receive via email will come from a company or organization’s official email address and will usually address you by name.
Do not click on any links in the notice that may look suspicious or don’t match the company’s official website. Lastly, keep an eye out for spelling and grammar mistakes in a data breach notice, as they might indicate that the message is fake.
Can you give me an example of a data breach notification letter?
Absolutely. Here is an example of one sent to Forever 21 employees following a massive data breach that occurred in March 2023. This is the letter sent to consumers affected by the MAPFRE insurance data breach in late August 2023. In some cases, notices may be sent via email.
What if I never heard of the company that sent me a data breach notice?
It’s important to note that, in rare cases, you may not recognize the company sending the letter, but this does not mean it was sent in error.
For instance, a May 2023 data incident affecting a popular file transfer tool caused millions of individuals to have their information exposed. In this instance, many of the data breach letters were sent by a third-party vendor of the affected companies. For example, PBI Research Services sent this letter to customers of Corebridge Financial.
What if I threw my data breach notice out?
It’s important that, if you receive any data breach notice, you do not throw it out. If you’ve already done so, you may want to check the company’s website for their official notice of the breach – it should include the same information that was in your notice. You may also want to check the post for a dedicated number consumers can call with questions about the security incident. It’s worth a call to see if they can resend your notice, but this may not be possible.
What if I think I’m affected but haven’t received a notice?
Notices aren’t always sent immediately after a breach hits the news, so you may just have to be patient. Otherwise, you can check the company’s website to see if they’ve posted a notice about the breach – it may contain a number you can call with questions. They should, at the very least, be able to answer when notices are expected to go out and may also be able to confirm whether you were affected.
Be sure to bookmark our page and come back to it if you believe you’ve been affected by a data breach listed below but haven’t received a notice yet.
What kind of damages can I claim for a data breach?
In general, data breach victims can seek compensation for lost time responding to the incident, out-of-pocket costs related to the breach and loss of privacy.
Depending on the specifics of the data breach, out-of-pocket costs may include some of the following: money spent on preventative measures, such as identity theft and/or credit monitoring; service fees to replace stolen cards; money spent on credit reports and/or credit freezes; the costs associated with obtaining background checks or medical records; increased health insurance costs; and money lost via fraudulent transactions, fraudulent medical bills or stolen tax refunds.
Further damages may become available depending on the type of information exposed. For instance, if a person’s health data is leaked, they may be able to recover money for reputational damage if they are denied medical care or insurance coverage. Likewise, a person whose Social Security number is exposed may be able to recover money for damage to their credit.
How much can I claim in a data breach settlement?
How much you can claim in any data breach settlement will depend on a number of factors, including the specifics of the settlement, the amount of time you spent responding to the incident, the type and total amount of your out-of-pocket expenses, and how many claims are filed. There are never any guarantees as to whether a data breach lawsuit will be successful or how much they could provide to consumers; however, some of the largest data breach settlements obtained via class action lawsuits include a $350 million deal with T-Mobile and a $190 million deal with Capital One.
I’m looking for data breach class action settlements. Where can I find those?
We post class action settlements, including those involving data breaches, over on this page.
How do I know if I was part of a data breach?
If you were affected by a data breach, you should receive a notice via email or regular mail about the incident and what information may have been exposed. All 50 states require that businesses and governments alert consumers if their personal information is breached.
How do I prevent a data breach?
While it may not be possible to completely secure your sensitive information, some steps you can take to protect yourself from a data breach and its fallout include:
- Using strong, complex passwords, preferably a different one for each account;
- Regularly changing passwords;
- Using multi-factor authentication (MFA) when available;
- Encrypting your data;
- Updating your devices’ software regularly;
- Shopping with a credit card, as you may incur less liability in the event of fraudulent charges or if your account is hacked; and
- Consistently monitoring your accounts for fraud, including by setting up account alerts.
It can also be helpful to have a response plan should your personally identifiable information become compromised in a data breach or cyberattack.
Always be wary of unsolicited correspondence from companies with whom you have no relationship, and never give anyone remote access to your devices.
What is the leading cause of data breaches?
According to InfoSec Institute, the leading cause of data breaches is human error, which may involve privilege misuse, stolen credentials or social engineering, a tactic whereby hackers can bypass having to create their own access points by goading individuals with legitimate access to grant it for them. Other common causes of data breaches and cyberattacks include weak credentials, software vulnerabilities, malware, ransomware, DNS attacks, improper API configuration and excessive permissions.
Anything else I should know?
If you’re interested in starting a class action lawsuit, you should know that those who elect to serve as a lead plaintiff are generally entitled to what’s known as a “service award” – that is, an additional payment for their help with the case. Typically, the lead plaintiff in a data breach case does not need to be involved as much as they would in other types of lawsuits. Depositions in these types of class actions are rare, and little documentation and information – aside from the initial data breach notice – is needed.
Plus, if you elect to serve as a lead plaintiff, you can feel good that you’re working to hold a company legally accountable for failing to protect the private information of potentially hundreds of thousands of individuals.
What if there’s a data breach settlement?
In the event of a data breach lawsuit settlement, ClassAction.org will have the complete details over on our class action settlements page.