Data Breach Lawsuits & Investigations
Every year, hundreds of millions of people are affected by data breaches that can leave them vulnerable to identity theft, credit damage, reputational harm and more.
Class action lawsuits remain one of the strongest ways to hold companies accountable for leaving consumers’, employees’ and patients’ private information unprotected. Indeed, some have resulted in multi-million-dollar settlements on behalf of those who – through no fault of their own – had their information stolen and, in the worst cases, even published on the dark web.
When a data breach lawsuit is successful, it can also require the company at fault to implement new security protocols to ensure the information it is entrusted with – medical, financial and otherwise – stays safe.
Got a data breach notice?
Scroll down to see the list of data breaches attorneys working with ClassAction.org are currently investigating. If you see one that looks familiar, click through to learn more about the breach and what you can do to potentially help get a class action lawsuit started.
And remember – don’t throw your notice away! It essentially serves as proof that you were affected by a specific security incident and can be vital if you choose to take legal action for the harm you suffered.
We update this page often with new data breach investigations, so make sure to bookmark it and come back regularly. You can also sign up for our free newsletter, which is sent on a weekly basis and includes our latest data breach alerts.
Received a notice but don’t see the breach listed here? Tell us about it using this form.
Featured Data Breaches
Keesal, Young & Logan Data Breach
November 2024The West Coast business law firm recently announced that a June 2024 data breach exposed the private information of over 315,000 individuals.
OnePoint Patient Care Data Breach
October 2024OnePoint Patient Care, a pharmacy benefit manager and dispensing pharmacy for hospices, is notifying patients of an August 2024 data breach that may have compromised their personal information.
Rockford Gastroenterology Associates Data Breach
October 2024A data breach at the Illinois gastroenterology practice may have exposed the personal and health information of more than 147,000 individuals.
Blue Yonder Data Breach
November 2024The supply chain management software provider reportedly experienced a ransomware attack in late November 2024 that crippled many of its clients' systems.
Great Plains Regional Medical Center Data Breach
November 2024The Elk City, Oklahoma medical center has reported a September 2024 data breach that impacted over 133,000 patients.
Smile Design Management Data Breach
October 2024Smile Design, which operates dozens of dental clinics throughout Florida, has announced a data breach that compromised certain personal information in February 2024.
Recent Data Breaches
Received a notice but don’t see the breach listed here? Tell us about it using this form.
Universal Pegasus International Data Breach
November 2024UniversalPegasus International is notifying individuals that their personal information may have been exposed when an unauthorized party accessed its computer systems in June 2023.
SAG-AFTRA Health Plan Data Breach
December 2024SAG-AFTRA Health Plan participants may have had their personal information exposed when an unauthorized party gained access to an employee email account in September 2024.
Mid-Ohio Psychological Services, Inc. Data Breach
November 2024Mid-Ohio Psychological Services, Inc., a provider of mental health and substance abuse support, has disclosed a data breach affecting 40,345 individuals.
ESHA Data Breach
November 2024ESHA, Inc., a revenue cycle management company, has reported that the personal and health information of nearly 77,000 individuals may have been exposed in a July 2024 data breach.
Colonial Behavioral Health Data Breach
November 2024Colonial Behavioral Health is notifying customers of a data breach that may have exposed their information in October 2024.
Liberty First Credit Union Data Breach
November 2024The Nebraska credit union has reported a September 2024 data breach that may have impacted over 52,000 individuals.
Keesal, Young & Logan Data Breach
November 2024The West Coast business law firm recently announced that a June 2024 data breach exposed the private information of over 315,000 individuals.
Mark Cerrone Data Breach
November 2024Mark Cerrone, a construction company serving Western New York, is sending notice of a data breach that may have exposed individuals’ names and Social Security numbers.
Datamaxx Applied Technologies Data Breach
November 2024Datamaxx experienced a data breach in December 2023 that allowed for unauthorized access to files containing personal information.
Holstrom, Block & Parke Data Breach
November 2024Clients of the California law firm may have had their personal information exposed in a data breach that occurred from late August to early September 2024.
Blue Yonder Data Breach
November 2024The supply chain management software provider reportedly experienced a ransomware attack in late November 2024 that crippled many of its clients' systems.
Citadel of Northbrook Data Breach
November 2024Illinois nursing and rehabilitation center Citadel of Northbrook is sending notice of a data breach that may have exposed patients’ personal information.
UMC Health System Data Breach
November 2024Patients of UMC Health System may have had their personal and medical information exposed in a September 2024 ransomware attack on the Texas medical provider.
Medica Corporation Data Breach
November 2024Medica Corporation is notifying current and former employees that their private information may have been exposed to hackers.
Northern Safety Company, Inc Data Breach
November 2024Current and former employees, as well as their beneficiaries, may have had their personal data exposed in a data breach at the safety and industrial supplier.
Furman Foods, Inc. Data Breach
November 2024Furman Foods, which does business as Furmano's, is notifying current and former employees of a data breach that may have exposed their personal information.
LCPtracker, Inc. Data Breach
November 2024LCPtracker is sending notice of a data breach that compromised private information in August 2024.
Pacific Pulmonary Medical Group Data Breach
November 2024Reports have surfaced that a data breach at Pacific Pulmonary Medical Group may have exposed patients' personal and health information.
Atlantic Orthopaedic Specialists Data Breach
November 2024More than 15,000 people may have had their personal and health data exposed in a 2024 data breach at Atlantic Orthopaedic Specialists.
Maternal Fetal Medicine Associates, PLLC Data Breach
November 2024Maternal Fetal Medicine Associates, Carnegie Hill Imaging and Carnegie Women's Health have reported a months-long data breach that may have compromised patient information.
Dome Construction Corporation Data Breach
November 2024Dome Construction, a general contractor in California, is notifying employees of a data breach that may have exposed their information in late October 2024.
The physician-owned medical practice is sending notice of a September 2024 data breach that may have impacted patients and employees.
VPS of MI., PLLC Data Breach
November 2024Home health services provider Visiting Physicians Services has reported a June 2024 data breach that affected over 20,600 individuals.
Farmers New World Life Insurance Company Data Breach
November 2024Individuals are receiving notice of a data breach at Infosys McCamish Systems that exposed information related to Farmers New World Life Insurance Co. policies and annuities.
Targus Data Breach
November 2024Computer accessories retailer Targus is notifying individuals whose names and Social Security numbers may have been exposed in an April 2024 data breach.
Saint Thomas Aquinas High School Inc. Data Breach
November 2024The Fort Lauderdale, Florida private school has reported that over 37,000 consumers' personal information may have been exposed in a July 2024 data breach.
Members Trust Company Data Breach
November 2024Members Trust Company is notifying employees that their information may have been exposed in September and October 2023 when an unauthorized party accessed company email accounts.
vTech Solution, Inc. Data Breach
November 2024vTech Solution, a managed IT services firm, is notifying individuals of a data breach that may have exposed names and Social Security numbers.
Bojangles’ Restaurants Data Breach
November 2024Bojangles' Restaurants, Inc. is notifying individuals of a February-March 2024 data breach that may have exposed consumers' personal, financial and medical information.
Rockford Gastroenterology Associates Data Breach
October 2024A data breach at the Illinois gastroenterology practice may have exposed the personal and health information of more than 147,000 individuals.
Equinox Inc. Data Breach
November 2024Equinox Inc., a nonprofit organization in Albany, New York, is sending notice of a data breach that may have exposed private information.
In-Home Attendant Services, Ltd. Data Breach
November 2024In-Home Attendant Services has reported a data breach that may have exposed consumers' personal, financial and medical information.
Vista Point Mortgage, LLC Data Breach
November 2024The mortgage lender has reported a data breach involving compromised email accounts that may have exposed personal information for over 13,000 people.
Somerville, Inc. Data Breach
November 2024Somerville, Inc., an architecture and engineering firm, is sending notice to individuals whose private information may have been compromised in a data breach.
PracticeSuite, Inc. Data Breach
November 2024PracticeSuite, a medical office management software provider, has reported a data breach that may have exposed consumers' personal, medical and financial information.
Maxar Space Systems Data Breach
November 2024The space technology company is notifying employees of an October 2024 incident during which a hacker may have accessed their personal information.
TriHealth Data Breach
November 2024Ohio-based health system TriHealth is notifying patients of a data security incident that affected files related to For Women, an independent OB/GYN practice that joined TriHealth in January 2020.
Great Plains Regional Medical Center Data Breach
November 2024The Elk City, Oklahoma medical center has reported a September 2024 data breach that impacted over 133,000 patients.
RBN and Associates, Inc. Data Breach
November 2024RBN Insurance Services has reported a data breach involving unauthorized access to an employee email account that may have affected over 10,000 individuals.
Brunswick Hospital Center Data Breach
November 2024Brunswick Hospital Center reported a 2024 data breach that exposed individuals’ personal and medical information.
Debt collector First Financial Portfolio Venture Capital and its affiliates are sending notice of a February 2024 data breach that impacted third-party service provider Financial Business and Consumer Solutions.
YMCA of Central Florida Data Breach
November 2024YMCA of Central Florida has reportedly experienced a data breach, and the nonprofit is now sending notice to those whose private information may have been impacted.
AnnieMac Home Mortgage Data Breach
November 2024More than 171,000 individuals are affected by an August 2024 data breach at AnnieMac, a nationwide mortgage provider.
PLA Data Breach
November 2024PLA, a pallet company and logistics provider, has begun sending out notice of a data breach that reportedly impacted more than 18,200 individuals.
WD & Associates Data Breach
November 2024WD & Associates, a full-service insurance, retirement planning and compliance services company, is notifying individuals of a February 2023 data breach that may have exposed personal, medical and financial information.
TEAM Software Data Breach
October 2024TEAM Software has reported a July 2024 data breach that may have compromised the sensitive information of over 99,000 people.
Rex Signature Services, LLC Data Breach
November 2024Rex Signature Services is notifying individuals about the potential exposure of their personal information in an April 2024 data breach.
Sanford-Brown College Data Breach
November 2024Sanford-Brown College is notifying former students that their information may have been exposed in a data breach affecting debt collector Financial Business and Consumer Solutions.
BBS Financial Services, LLC Data Breach
November 2024BBS Financial Services is providing notice of a data breach that affected over 70,000 individuals whose information was involved in the firm's tax preparation, payroll or medical billing services.
Huron, Inc. Data Breach
November 2024Huron, Inc. has reported a data breach that exposed individuals’ names, Social Security numbers, health insurance claim information and dates of birth in September 2024.
WinStar Farm LLC Data Breach
November 2024WinStar Farm is notifying individuals of a July 2024 data breach that may have compromised their names and Social Security numbers.
Amazon Data Breach
November 2024Amazon has reportedly confirmed a data breach after over 2.8 million lines of employee data was recently leaked on a hacking forum.
Project Hospitality Inc. Data Breach
November 2024Project Hospitality Inc. is mailing notice letters about a data breach that compromised individuals’ Social Security numbers, medical info and more.
Foley Material Handling Company, Inc. Data Breach
November 2024The crane and hoist manufacturer has reported a data breach discovered in May 2024 that may have compromised Social Security numbers, dates of birth and more.
Michigan Masonic Home Data Breach
November 2024Michigan Masonic Home is notifying individuals whose information may have been exposed through unauthorized access to employee email accounts.
Continental Cafe Holdings, LLC Data Breach
November 2024Food service contractor Continental Cafe Holdings is sending notice of an October 2024 data breach that exposed personal, financial and health information.
Denkai America Inc. Data Breach
November 2024Denkai America, an electrodeposited copper foil manufacturer, has reported a cybersecurity incident that compromised consumers' names and Social Security numbers.
Thompson Coburn LLP Data Breach
November 2024Thompson Coburn LLP is sending notice of a May 2024 data breach that impacted the private information of more than 305,000 patients of Presbyterian Healthcare Services.
South West Family Medicine Associates, PA Data Breach
November 2024An August 2024 cyber security incident at Southwest Family Medicine Associates has affected nearly 37,000 individuals.
Sango Family Dentistry Data Breach
October 2024Sango Family Dentistry has reported an August 2024 data breach that exposed employees’ and patients’ private information.
Raimondo Pettit Group Data Breach
November 2024Public accounting firm Raimondo Pettit Group has reported a data breach that exposed consumers' Social Security numbers and financial information in September 2023.
Kaiser Permanente Data Breach
November 2024Kaiser Permanente is notifying individuals who may have been affected by an August-September 2024 data breach that involved unauthorized access to two employee email accounts.
Capital One Data Breach
November 2024Additional Kohl’s credit card customers are being notified of a data breach that targeted Financial Business and Consumer Solutions, a debt collection agency.
Professional Probation Services Data Breach
November 2024Reports have surfaced that Professional Probation Services may have exposed Social Security numbers and other personal data belonging to thousands of probationers.
Perdoceo Education Corporation Data Breach
October 2024Perdoceo Education Corporation, which operates several academic institutions, is notifying students that their data may have been exposed in a breach affecting debt collector Financial Business and Consumer Solutions.
Oklahoma Spine Hospital Data Breach
November 2024Unauthorized access to an employee email account at the Oklahoma City-based hospital may have led to the exposure of personal, financial and medical data.
Gloves Holdings, LP Data Breach
November 2024Gloves Holdings (which does business as Protective Industrial Products) is sending notice of a September 2024 data breach that exposed Social Security numbers and more.
Cornerstone Bank Data Breach
November 2024Cornerstone Bank is notifying consumers that their personal information may have been exposed during a cybersecurity incident discovered in July 2024.
Redwood Coast Regional Center Data Breach
November 2024Redwood Coast Regional Center is notifying individuals of a March 2024 data breach that may have exposed personal, medical and financial information.
MWI Veterinary Supply, Inc. Data Breach
November 2024Current and former employees, their dependents and individuals associated with customers of MWI Veterinary Supply, which was acquired by AmerisourceBergen, are being notified of a data breach that may have exposed their personal information.
A December 2023 data breach may have impacted individuals associated with healthcare facilities supported by Cornerstone Healthcare Group Management Services.
Rush Enterprises, Inc. Data Breach
November 2024Rush Enterprises, Inc. is notifying individuals whose private information may have been leaked when two employee email accounts got hacked earlier this year.
Mass General Brigham Health Plan Data Breach
November 2024Mass General Brigham Health Plan is notifying providers that some of their sensitive personal information may have been revealed in an email from a customer service representative in August 2024.
SelectBlinds Data Breach
October 2024SelectBlinds is notifying individuals of a data breach involving malware that gathered customers' online checkout information from January to September 2024.
Eagle Bank Data Breach
November 2024Eagle Bank is notifying customers that their MasterCard debit card information may have been exposed in a data breach that targeted a merchant’s network.
Minuteman Senior Services Data Breach
October 2024A June 2022 data breach at Massachusetts-based Minuteman Senior Services may have exposed personal, medical and financial information; affected individuals are now being notified.
Casio Computer Co., Ltd. Data Breach
October 2024Casio has confirmed that a ransomware attack compromised personal information belonging to employees, contractors, business partners, customers, and people who interviewed for jobs.
Stryker Corporation Data Breach
October 2024Medical technology company Stryker Corporation is reporting that an unauthorized party gained access to its systems in mid-2024, exposing both personal and medical information.
Seneca Financial Advisors LLC Data Breach
October 2024Seneca Financial Advisors recently reported a months-long data breach involving unauthorized access to an employee's email account.
St. Anthony Regional Hospital Data Breach
October 2024St. Anthony Regional Hospital in Iowa is alerting current and former patients to an August 2024 data breach that may have exposed their personal, financial and medical information.
Prime Case LLC Data Breach
October 2024Prime Case LLC, a legal funding service that provides cash advances from pending lawsuits, is notifying individuals of a data breach that may have exposed their private information.
MembersOwn Credit Union Data Breach
October 2024MembersOwn Credit Union has announced a 2024 data breach affecting the personal information of those who applied for or received a loan from the Nebraska-based financial institution.
Center for Urban Community Services Data Breach
October 2024More than 30,000 individuals may have been impacted by a September 2023 data breach at The Center for Urban Community Services.
Mystic Valley Elder Services Data Breach
October 2024Mystic Valley Elder Services is notifying individuals about the potential exposure of their personal information in an April 2024 data breach.
Boart Longyear Group, Ltd. Data Breach
October 2024Drilling services and equipment provider Boart Longyear is notifying individuals of a mid-2024 data breach in which an unauthorized party accessed personal, medical and financial information.
Newtyn Management, LLC Data Breach
October 2024Newtyn Management has reportedly experienced a data breach, and the New York City investment firm is now sending notice to those whose private information may have been impacted.
Chimienti & Associates Data Breach
October 2024Chimienti & Associates is notifying consumers about a March 2024 data breach that potentially exposed their Social Security numbers and other private information.
Harvard Pilgrim Health Care Data Breach
October 2024Harvard Pilgrim Health Care has reported a data breach due to a "mailing error" that resulted in consumers' personal information being inadvertently displayed in window envelopes in September 2024.
Gandara Mental Health Center Data Breach
October 2024Current and former patients of the Mass.-based behavioral health and substance use treatment provider may have had their personal and medical information exposed in a June 2024 data breach.
OnePoint Patient Care Data Breach
October 2024OnePoint Patient Care, a pharmacy benefit manager and dispensing pharmacy for hospices, is notifying patients of an August 2024 data breach that may have compromised their personal information.
Alta Resources Corporation Data Breach
October 2024Alta Resources Corporation, which provides business process outsourcing services to clients including Church & Dwight Co., Inc., has announced a data breach that exposed consumers' personal and financial information.
Brighthouse Life Insurance Company Data Breach
October 2024Brighthouse Life Insurance Company has disclosed a data breach at a third party that may have exposed consumers' Social Security numbers and other personal information in February 2024.
Smile Design Management Data Breach
October 2024Smile Design, which operates dozens of dental clinics throughout Florida, has announced a data breach that compromised certain personal information in February 2024.
More than 36,000 people are reportedly affected by a data breach at Abbott Laboratories Employees Credit Union that exposed personal and financial information.
Loring, Wolcott & Coolidge Data Breach
October 2024Boston-based financial planning firm Loring, Wolcott & Coolidge is notifying individuals about the potential exposure of their personal information in a data breach that took place between April and May 2024.
Clay Platte Family Medicine Data Breach
October 2024Clay Platte Family Medicine is notifying individuals of a June 2024 data breach impacting certain personal health data maintained by the Missouri provider and clinics it shares patients with—namely, Summit Family and Sports Medicine Clinic, Cobblestone Family Medicine Clinic, and Barry Pointe Family Medicine Clinic.
Datavant Group Data Breach
October 2024Health information technology company Ciox Health, which does business as Datavant Group, reported a data breach to the U.S. Department of Health and Human Services on October 7, 2024.
Bayhealth Medical Center Data Breach
October 2024Bayhealth Medical Center, a healthcare system in Delaware, has reportedly experienced a ransomware attack in which consumers' Social Security numbers, medical information and health insurance details were stolen.
Globe Life Data Breach
October 2024Globe Life, Inc. has announced that an unknown threat actor is seeking to extort money in exchange for not revealing personal information related to subsidiary American Income Life Insurance Company and certain customers.
CreditRiskMonitor.com, Inc. Data Breach
October 2024CreditRiskMonitor.com has reported a July 2024 data breach that exposed employees' and contractors' sensitive information to unauthorized access.
Join the Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Data Breach FAQs
I got a data breach notification. Does this definitely mean my info is being used fraudulently?
Not necessarily. When a company experiences a data breach, state law requires that it notify affected individuals. Receiving a letter does not automatically mean that your personal information is being used fraudulently – it just means your information was exposed in a data security incident and has the potential for being misused.
What should I do if I get a data breach letter?
If you get a data breach notice, make sure to read it closely. It should contain information on what happened, what information was involved, what the company is doing about it, steps you can take to protect yourself, and how you can get more information.
Some companies may offer free credit and/or identity theft monitoring for a period of time following a data breach, and the notice should include instructions on how to sign up. If you’re offered free monitoring, take advantage of it; signing up should not affect any legal claim you may have against the company.
Importantly, if you get a data breach letter, don’t throw it out! If you are interested in helping any of the investigations listed on this page, attorneys will want to see the letter you received.
Why do attorneys need to see my data breach notice?
Attorneys working with ClassAction.org are specifically looking to hear from people with a data breach notice because it essentially serves as proof that the individual was a victim of the incident and makes for a stronger legal claim.
So, I can sue over a data breach?
Yes. If your data was exposed in a security incident, you may be able to sue the company or companies responsible. Dozens of data breach class action lawsuits are filed each month, and this number only continues to increase. You can check out the proposed data breach class actions we’ve covered recently over on our newswire.
Can you give me an example of a data breach notification letter?
Absolutely. Here is an example of one sent to Forever 21 employees following a massive data breach that occurred in March 2023. This is the letter sent to consumers affected by the MAPFRE insurance data breach in late August 2023. In some cases, notices may be sent via email.
What if I never heard of the company that sent me a data breach notice?
It’s important to note that, in rare cases, you may not recognize the company sending the letter, but this does not mean it was sent in error.
For instance, a May 2023 data incident affecting a popular file transfer tool caused millions of individuals to have their information exposed. In this instance, many of the data breach letters were sent by a third-party vendor of the affected companies. For example, PBI Research Services sent this letter to customers of Corebridge Financial.
What if I threw my data breach notice out?
It’s important that, if you receive any data breach notice, you do not throw it out. If you’ve already done so, you may want to check the company’s website for their official notice of the breach – it should include the same information that was in your notice. You may also want to check the post for a dedicated number consumers can call with questions about the security incident. It’s worth a call to see if they can resend your notice, but this may not be possible.
What if I think I’m affected but haven’t received a notice?
Notices aren’t always sent immediately after a breach hits the news, so you may just have to be patient. Otherwise, you can check the company’s website to see if they’ve posted a notice about the breach – it may contain a number you can call with questions. They should, at the very least, be able to answer when notices are expected to go out and may also be able to confirm whether you were affected.
Be sure to bookmark our page and come back to it if you believe you’ve been affected by a data breach listed below but haven’t received a notice yet.
What kind of damages can I claim for a data breach?
In general, data breach victims can seek compensation for lost time responding to the incident, out-of-pocket costs related to the breach and loss of privacy.
Depending on the specifics of the data breach, out-of-pocket costs may include some of the following: money spent on preventative measures, such as identity theft and/or credit monitoring; service fees to replace stolen cards; money spent on credit reports and/or credit freezes; the costs associated with obtaining background checks or medical records; increased health insurance costs; and money lost via fraudulent transactions, fraudulent medical bills or stolen tax refunds.
Further damages may become available depending on the type of information exposed. For instance, if a person’s health data is leaked, they may be able to recover money for reputational damage if they are denied medical care or insurance coverage. Likewise, a person whose Social Security number is exposed may be able to recover money for damage to their credit.
How much can I claim in a data breach settlement?
How much you can claim in any data breach settlement will depend on a number of factors, including the specifics of the settlement, the amount of time you spent responding to the incident, the type and total amount of your out-of-pocket expenses, and how many claims are filed. There are never any guarantees as to whether a data breach lawsuit will be successful or how much they could provide to consumers; however, some of the largest data breach settlements obtained via class action lawsuits include a $350 million deal with T-Mobile and a $190 million deal with Capital One.
I’m looking for data breach class action settlements. Where can I find those?
We post class action settlements, including those involving data breaches, over on this page.
How do I know if I was part of a data breach?
If you were affected by a data breach, you should receive a notice via email or regular mail about the incident and what information may have been exposed. All 50 states require that businesses and governments alert consumers if their personal information is breached.
Anything else I should know?
If you’re interested in starting a class action lawsuit, you should know that those who elect to serve as a lead plaintiff are generally entitled to what’s known as a “service award” – that is, an additional payment for their help with the case. Typically, the lead plaintiff in a data breach case does not need to be involved as much as they would in other types of lawsuits. Depositions in these types of class actions are rare, and little documentation and information – aside from the initial data breach notice – is needed.
Plus, if you elect to serve as a lead plaintiff, you can feel good that you’re working to hold a company legally accountable for failing to protect the private information of potentially hundreds of thousands of individuals.
What if there’s a data breach settlement?
In the event of a data breach lawsuit settlement, ClassAction.org will have the complete details over on our class action settlements page.