in Newswire Published on January 31, 2023

2022 Data Breach Ignites Class Action Lawsuit Against Bay Bridge Administrators [SETTLED]

by Kelsey McCroskey

Last Updated on May 8, 2024

View Comments

Graham v. Bay Bridge Administrators, LLC

Filed: January 26, 2023 § 1:23-cv-00085

Read Complaint

Bay Bridge Administrators, LLC (BBA) faces a class action lawsuit that claims a data breach reportedly discovered in September 2022 was a direct result of the company’s allegedly deficient cybersecurity system.

Defendant(s)

Bay Bridge Administrators, LLC

Law(s)

Health Insurance Portability and Accountability Act Federal Trade Commission Act

State(s)

Texas

Categories

Technology Medical/Health Privacy Data Breach

May 8, 2024 – Bay Bridge Administrators Data Breach Lawsuit Settled for $2.5 Million; Settlement Website Is Live 

The proposed class action lawsuit detailed on this page, which was consolidated with several other Bay Bridge Administrators data breach lawsuits in February 2023, has been resolved with a settlement worth more than $2.5 million.

Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.

The Bay Bridge Administrators data breach settlement, which received preliminary approval from the court on March 26, 2024, covers all United States residents whose personal information was accessed during the security incident that is the subject of the data breach notice published by Bay Bridge Administrators on or around September 5, 2022.

The official Bay Bridge Administrators data breach settlement website can be found at BayBridgeDataSettlement.com.

To file a claim, head to this page. You will need the Claim ID and PIN found on your personalized settlement notice in order to proceed with filling out and submitting a claim form online.

The claim deadline for the Bay Bridge Administrators data breach settlement is July 24, 2024. 

Court documents share that class members may submit a claim form for reimbursement of up to $5,000 for documented out-of-pocket losses, including costs of credit monitoring services, unauthorized charges and other expenses reasonably attributable to the data breach.

In addition to (or instead of) reimbursement for losses, class members can also submit a claim for a pro-rata cash payment, estimated to be $50. Cash payments will be made from the $2,516,890 settlement fund after certain expenses and the claims for reimbursement are paid, court documents state.

Any funds left over for more than 120 days after class members receive compensation from the settlement will be distributed as a subsequent payment to a nonprofit, subject to the court’s approval.

According to court documents, approximately 251,689 people are class members for the Bay Bridge Administrators data breach settlement.

A final approval hearing is scheduled for July 30, 2024. Class members covered by the settlement who submit timely, valid claims will begin to receive compensation once the court grants final approval to the deal and any appeals or objections are resolved.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements

Bay Bridge Administrators, LLC (BBA) faces a proposed class action lawsuit that claims a data breach reportedly discovered in September 2022 was a direct result of the company’s allegedly deficient cybersecurity system.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 42-page lawsuit says that although the third-party employment insurance company claims to have first learned of the cyberattack on September 5 of last year, a subsequent investigation revealed that hackers gained access to the defendant’s computer network sometime before August 25 and were able to obtain certain data around September 3. The suit relays that some of the personal information compromised in the breach included consumers’ names; addresses; contact information; Social Security; financial account and driver’s license numbers; medical details; and health insurance information.

The “foreseeable” cyberattack was a result of BBA’s failure to take basic cybersecurity precautions to protect consumers’ personal data, which it stored unencrypted and in a “dangerous condition” on its computer systems, the case contends.

Per the complaint, the company also purportedly failed to provide prompt notice of the breach to victims. Though the defendant says it discovered the ransomware attack in early September 2022, BBA only began notifying those impacted by the breach almost four months later, in late December of that year, the filing says.

In its notice, BBA gave few specifics as to the precise data that was compromised and extracted during what it merely refers to as a “network disruption consistent with a ransomware attack,” the lawsuit relays.

The suit argues that the company should have been “well aware of the risk of being targeted by cybercriminals” in light of the vast database of personal information stored in its network. By collecting and using this sensitive data for its own commercial profit, BBA had a legal duty to secure it against unauthorized disclosure, the case charges.

The defendant has offered victims a two-year subscription to identity theft protection services—a “wholly inadequate” gesture considering the heightened risk of fraud and illegal activity that victims likely face for the rest of their lives, the complaint emphasizes.

The plaintiff, a Texas resident affiliated with the defendant, received notice on December 29, 2022, that his personal information had been compromised in the data breach, the filing says. As the case tells it, the man has received since the cyberattack numerous spam calls, texts, and emails each day and has also been informed that his email address was spotted on the dark web—likely sold by cybercriminals.

The lawsuit looks to represent anyone whose personal information was stored on the computer systems of Bay Bridge Administrators, LLC and who received notice of the data breach discovered in September 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on May 8, 2024 — 4:13 PM

Kelsey McCroskey

kelsey@classaction.org

Kelsey works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.