Active case
Cybersecurity Data Breach Lawsuits
Technology plays a central role in all our lives, shaping how we work, communicate and interact with the world around us.
Connect with an attorney
Most people, by necessity, maintain some level of online presence. We conduct our banking, purchase insurance, schedule appointments, shop, and connect with others via a wide array of websites, apps and platforms. Every one of these interactions involves sharing some form of Personally Identifiable Information (PII). Certain interactions may involve sharing Protected Health Information (PHI). Technology has advanced to the point of greatly simplifying our life while at the same time requiring us to put our trust in the companies that we share this information with to protect it. Unfortunately, many times, the companies we trust to protect our PII and PHI fail to do so. As technology evolves, so does the risk of cyber threats by bad actors.
What is Personally Identifiably Information (PII)?
PII is any information connected to a specific individual that could be used to uncover that individual’s identity. Types of PII could include:
- Addresses
- Email addresses
- Employment information
- Full names
- Generational surnames (i.e. mother’s maiden name)
- Internet protocol (IP) addresses
- Places/Dates of birth
- Telephone numbers
Particularly sensitive PII includes:
- Financial account numbers
- Social Security numbers
- Unique identification numbers (i.e. driver’s license number, passport number, or other government-issued ID numbers
What is Protected Health Information (PHI)?
PHI is any information in an individual’s medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed while providing a health care service. Types of PHI could include:
- Account numbers
- Beneficiary numbers
- Biometric IDs (i.e. fingerprints, voice prints or retinal scans)
- Certificate or license numbers
- Device identifiers and serial numbers
- Diagnoses
- Insurance policy numbers
- Medical record numbers
- Or any unique identifying number or code that may be used by a health care provider
Consequences of a data breach
Bad actors are increasingly gaining access to our PII and PHI. Often, bad actors will initiate a ransomware attack, after which, they will hold data until they are paid by the targeted company for its return. Sometimes it is an identity theft scheme, or more often than not a combination of both. When your data has been exposed by a data breach, the fear, anxiety, stress, and potential economic consequences can be overwhelming.
Companies are constantly collecting our data for everything from minor purchases to health care. These companies have a duty to protect the data collected and, should a breach occur, handle any problems and communicate in a responsible manner. Unfortunately, too often when a company suffers a breach they spend weeks, months, or even years attempting to conceal the fact that a cybersecurity vulnerability in their systems led to a breach or that a breach even occurred. Many times, consumers don’t learn about the breach until their compromised data has already been used to their detriment. This needs to change.
Motley Rice is at the forefront of representing data breach victims and holding companies accountable for their cybersecurity failures. Our attorneys have a wealth of knowledge and experience in litigation involving cybersecurity breaches that have impacted millions of victims.
Motley Rice represents clients in breaches including:
Equifax data breach
Motley Rice attorneys represented clients impacted by a data breach suffered by Equifax in 2017. The attack, one of the largest data breaches ever recorded, compromised the Social Security numbers and other personal information for as many as 143 million Americans. Equifax failed to ensure adequate safety measures were in place to protect consumers and their most sensitive information, the litigation alleged. The litigation resulted in the largest historic data breach settlement of $1.5 billion.
21st Century Oncology data breach
21st Century Oncology, a cancer care company with 145 treatment centers in 17 states and more than 900 doctors globally, suffered a data breach that compromised names, Social Security numbers, medical records, and insurance information for 2.2 million patients. Motley Rice attorney Jodi Westbrook Flowers served as co-liaison counsel for the plaintiffs, arguing the company failed to properly secure the information and notify patients in a timely manner once the breach occurred. A $12.5 million settlement resolved the litigation in 2021.
Blackbaud data breach
Blackbaud, a Charleston, S.C., based software company that provides cloud-based services to charitable foundations, educational and health institutions, religious organizations, and other nonprofits is at the center of a 2020 data breach. Due to Blackbaud’s lax security measures millions of names, addresses, phone numbers, account numbers, and other personal information —including that of children—were compromised in a ransomware attack and resulting data breach, plaintiffs allege. Motley Rice attorney Marlon Kimpson serves as co-lead counsel for this ongoing litigation.
Facebook consumer privacy litigation
Facebook has come under scrutiny and is facing dozens of lawsuits after enabling a political data firm to potentially violate privacy laws by collecting private information from more than 87 million of the social media network’s users without their knowledge or permission. In April 2018, Facebook began notifying users if their private information was included. It is believed that more than 87 million users had their personally identifying information exposed to Cambridge Analytica in this breach. Meta Platforms, formerly Facebook, settled this case in October 2023 for $725 million.
Contact Motley Rice
If you suspect or know that your personal information (PII and/or PHI) has been compromised by a data breach, you may have a consumer fraud or economic loss claim. Contact our team of attorneys at Motley Rice lead by Jodi Westbrook Flowers. Call 1.800.768.4026 or email us.
*Prior results do not guarantee a similar outcome.