February 6, 2024 – ReproSource Data Breach Lawsuit Resolved with $1.25M Settlement
The proposed class action lawsuit detailed on this page has been settled for $1.25 million.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The proposed settlement, if preliminarily approved by the court, will cover anyone whose personal information was compromised in the ReproSource Fertility Diagnostics data breach and to whom the company sent written notice about the incident in or around October 2021. The number of class members is estimated to be more than 228,000 people, the settlement agreement says.
The plaintiffs first notified the court of the agreement with ReproSource, and filed an unopposed motion and attendant memo detailing the terms of the deal, on January 10, 2024. The parties now await initial approval of the settlement terms from United States District Judge George A. O’Toole, Jr.
Per the agreement, eligible class members may submit a claim for out-of-pocket losses—i.e., monetary costs incurred since August 8, 2021 that are “more likely than not” traceable to the data breach and supported by reasonable documentation—for up to $3,000 per person. These class members may also submit a claim for up to eight hours of lost time spent addressing issues related to the incident, at a rate of $20 per hour, the document relays.
Moreover, the proposed deal will provide class members with the option to claim three years of credit monitoring and insurance services—a benefit available to all individuals regardless of whether they accepted previous offerings of such services from ReproSource, the settlement agreement shares.
Alternatively, the document says, class members may submit a claim for a cash payment of $50. However, class members who elect to receive the cash payment are not entitled to any other settlement benefit, the agreement specifies.
The document further notes that in addition to the aforementioned benefits, class members who reside in California are entitled to an added $50 cash payment. According to the agreement, all payments will be adjusted on a pro rata basis depending on the total number of valid claims.
Finally, as part of the deal, ReproSource has also agreed to adopt measures to enhance its cybersecurity, the plaintiffs’ memo adds.
Court records indicate that a preliminary approval hearing is scheduled for February 14, 2024.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
ReproSource Fertility Diagnostics, Inc. faces a proposed class action over an August 2021 data breach that reportedly affected more than 350,000 patients.
According to the 52-page lawsuit, the fertility testing company has failed to implement reasonable data security measures to protect patients’ personal information—including names, mail and email addresses, dates of birth, Social Security numbers, health insurance billing information and treating physician details—from unauthorized access. Moreover, the case contends that ReproSource unreasonably delayed notifying those whose information was compromised in the breach, and offered what the suit calls “woefully inadequate” relief in the form of only 12 months of identity monitoring services that require consumers to disclose additional personally identifiable information.
Per the case, the defendant disregarded patients’ privacy rights by “intentionally, willfully, recklessly, or negligently” failing to safeguard their information. The lawsuit relays that the company’s failure to protect patient information is “especially egregious” given ReproSource operates in a field that has been frequently targeted by cybercriminals.
According to the lawsuit, ReproSource provides a variety of fertility diagnostics to patients across the country, and in the process collects their personally identifiable information. The suit says the defendant learned in August 2021 that an unauthorized party had gained access to its network on which patients’ data was stored. Though the data breach took place on August 8, ReproSource waited until October to notify those whose information may have been compromised, according to the complaint.
The case claims ReproSource has offered “no explanation” for the delay in notifying potential victims of the data breach, who allegedly suffered additional harm that could have been avoided had a timely disclosure been issued.
Moreover, the lawsuit claims ReproSource’s data breach notice was “woefully deficient” in that it failed to provide certain details about the incident, including how the unauthorized parties were able to gain access to the company’s system, whether the sensitive information was encrypted, how the breach was discovered, whether it was system-wide, whether servers storing information were accessed and how many patients were affected.
The case posits that the data breach may have been prevented had ReproSource implemented cybersecurity protocols recommended by the U.S. government and Microsoft Threat Protection Intelligence Team.
“These are basic, common-sense email security measures that every business, not only healthcare businesses, should be doing,” the complaint scathes. “ReproSource, with its heightened standard of care should be doing even more. But by adequately taking these common-sense measures, ReproSource could have prevented this Data Breach from occurring.”
The suit goes on to criticize the defendant’s offer of 12 months of credit monitoring, calling the measure “ineffective” for those whose information was compromised. According to the case, patients would be required to disclose their personal information in order to use the services despite the fact that ReproSouce “had just demonstrated it could not be trusted” with the sensitive data. The lawsuit further stresses that while some harm has already been done, “the worst may be yet to come” given there is often a delay between when private information is acquired and when it is used.
According to the suit, victims of the breach have been exposed to “an impending, imminent, and ongoing increased risk of fraud, identity theft, and other misuse of their Private Information.”
The lawsuit looks to represent anyone whose private information was compromised as a result of the ReproSource Fertility Diagnostics data breach discovered around August 10, 2021 and was sent notice of the data breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.