Data Breach Lawsuit

(Updated Dec. 20, 2017)

A data breach occurs when an unauthorized person gains access to confidential information for personal or political gain. Data breaches like the Alteryx breach—which compromised 123 million consumers’ data—and the Yahoo breaches of 2013 and 2014—which compromised 1.4 billion accounts—frequently lead to identity theft and financial losses. The victims of these breaches may qualify for a lawsuit.

When a company fails to exercise reasonable care in protecting customers’ information, affected consumers may be able to file a class action lawsuit.

When a company fails to exercise reasonable care in protecting its customers’ information, affected consumers may be able to unite and file a class action lawsuit against the company.

These lawsuits can net plaintiffs millions of dollars in damages, which is only fair given how devastating a breach can be to a person’s finances, privacy, reputation, and credit score.

Data breaches have become increasingly common over the past several years. In addition to consumers, these breaches can put a considerable burden on banks and credit card companies, which must respond to a flood of fraud claims and canceled cards.

Thankfully, many data breach victims receive compensation for damages through multimillion-dollar settlements. If you or a loved one suffered financial losses from a data breach, contact us for a free legal consultation.

Recent Breaches Include Equifax and Yahoo

On September 7, 2017, Equifax announced that unauthorized users accessed the names, Social Security numbers, birth dates, addresses and (in some cases) driver’s license numbers of 143 million consumers from mid-May through July 2017. Equifax also admitted that credit card numbers for approximately 209,000 U.S. consumers were accessed. attorney John Yanchunis filed a lawsuit over this massive breach of security that same night.

Read the Complaint

Mr. Yanchunis is also lead counsel in the case against Yahoo. In December 2016, Yahoo announced that 1 billion users’ information had been stolen in August 2013. This occurred just a few months after Yahoo announced that 500 million users’ data had been breached in 2014. This information included names, email addresses, dates of birth, phone numbers, passwords, etc. (Check these FAQs on the Yahoo data breach and how it might affect you.)

In response, attorneys filed a negligence lawsuit against YahooMr. Yanchunis was named lead counsel in this case—the largest class action lawsuit in history.

In April 2017, the Intercontinental Hotels Group (IHG) announced that a whopping 1,200 hotel locations in the U.S. and Puerto Rico had been subject to a three-month-long data breach. IHG hotels include Holiday Inns and Holiday Inn Expresses.

In February 2017, fast food chain Arby’s acknowledged a massive breach at its stores that allegedly impacted 355,000 credit and debit cardholders.

IHG announced that 1,200 of its hotels, including Holiday Inns and Holiday Inn Expresses, had been subject to a three-month-long data breach.

In May 2016, Wendy’s suffered a breach that compromised roughly 300 of its 5,500 restaurants. That means that any customer who used a credit card at one of these 300 restaurants at the time of the breach was vulnerable to credit card fraud and identity theft.

Around the same time, several mega-breaches involving LinkedIn, Tumblr, MySpace, and Dropbox surfaced. The breaches occurred in 2012 and 2013, but the hundreds of millions of stolen email addresses and passwords later surfaced—for sale—in online black markets.

In light of the data breaches cited above, tech companies urged consumers to change their passwords, and Netflix and Facebook (not affected by the breaches, as far as we know) reset customers’ passwords as well, for safety’s sake.

But a data breach doesn’t go away after a company updates their security measures, or after a consumer updates his or her password/PIN. A breach that occurred years ago can come back to haunt the users whose information was stolen.

The potentially devastating effects are why these breaches so often lead to huge settlements for victims.

Anthem Settles Data Breach Lawsuit for $115M

In June 2017, America’s largest insurance company, Anthem Inc., agreed to a $115 million settlement after a breach compromised 80 million customers’ private data. Pending approval by a judge in San Jose, California, this would be the largest data breach settlement in history.

The previous year, in March 2016, Home Depot agreed to pay $19.5 million to consumers affected by its 2014 data breach ($13 million to reimburse shoppers for losses and $6.5 million toward identity protection services). A year later, Home Depot agreed to pay $25 million to several dozen banks and credit card companies, bringing its total breach-related expenses to $179 million.


Theirs is just one of many multimillion-dollar settlements that have been reached after data breaches. Sony paid $15 million to settle a data breach suit—and $8 million to settle another. Target paid $10 million. LinkedIn paid $1.25 million to settle theirs (which, given recent events, seems like a bargain).

In general, companies much prefer settling cases out of court to going to trial. But that is especially true for data breach lawsuits, because there is almost no court precedent for these kinds of cases.

Companies like Home Depot and Sony have no idea what would happen if they went to trial to fight a data breach suit, which is a scary prospect.

Notable Data Breach Settlements

Here are some of the most notable data breach settlements over the past several years:

  • Anthem: $115 million (pending judge’s approval)
  • Target: $28.5 million ($18.5M for states, $10M for consumers)
  • Home Depot (affected 50 million cardholders): $19.5 million settlement
  • Sony (PlayStation network breach): $15 million
  • Ashley Madison: $12.8 million ($11.6M for consumers, $1.2M for states and the FTC)
  • Sony (employee information breach): $8 million
  • Stanford University Hospital and Clinics: $4.1 million
  • AvMed Inc.: $3.1 million
  • Vendini: $3 million
  • Schnuck Markets: $2.1 million

As data breaches continue to grow in both frequency and scale, the resulting settlements will follow suit.

How to Tell If You’ve Been Breached

If you were the victim of a data breach, the compromised company should have notified you, probably via email. If they didn’t, and you learned they were breached through other means, you should contact them immediately to learn if it affected your personal information or privacy.

To check if your data was hacked in a web breach, visit Have I Been Pwned, a website created by Troy Hunt, a web security expert and Regional Director for Microsoft. Just enter your email address, and the site will tell you if or when your personal information was compromised.

If you notice suspicious activity on your credit card or bank account, you may have been the victim of identity theft. Call your bank or financial institution immediately to report the fraudulent activity and take appropriate action.

You may also want to contact us to pursue your legal options.

How to Protect Yourself from Identity Theft

In general, the best way to protect yourself from data breaches is to use a strong and unique password for each account or website. (Apps like LastPass help store them for you.) Don’t recycle passwords or use the same one for years on end. Don’t make your password your birthday, “Password123,” or something like “dadada.”

Set up multi-step verification whenever possible, and cover your PIN when you enter it at stores or ATMs. All of these measures can help protect you and your identity in the event of a breach.

Data Breach Lawsuit Eligibility

Only a licensed attorney can determine if you are eligible for a data breach lawsuit. To do so, he or she will do the following:

  • Determine if the company failed to adopt safeguards that would have prevented the data breach from occurring, such as encrypting personal information belonging to customers
  • Determine if the company notified customers as soon as possible after it learned of the data breach
  • Obtain a complete list of all the individuals affected by the breach
  • Review the company’s policies and customer agreements to determine if the company violated them
  • Compare the company’s policies to industry standards

The attorney will also determine if any state laws have been violated. For example, Florida requires companies that were victims of data theft to report the breach to any customers whose data was stolen within 45 days of the breach’s discovery.

If you meet the eligibility criteria, you could receive compensation for damages suffered in the breach.

Data Breach Damages

An attorney can also help determine the damages you incurred from the data breach, and seek reimbursement for these losses. These may include:

  • The cost of replacing credit and debit cards, and obtaining credit reports and credit insurance
  • Service fees charged by companies that will help secure personal information and monitor your accounts to make sure fraudulent activity is not occurring
  • Expenses associated with correcting erroneous information
  • Any out-of-pocket expenses you incur as a result of the breach

Victims also suffer an emotional toll from identity theft and privacy invasion, which could factor into the compensation sought. 

We Want to Hear from You

At, our attorneys are dedicated to helping consumers who suffered financial or reputational harm from a data breach. We hold the powerful accountable by filing lawsuits against the companies that were subject to these destructive breaches.

We have helped more than 200,000 clients win $2 billion in settlements and awards—and we only collect a fee if we resolve your case successfully.

If your credit card information, social security number, email address, password/PIN, or other private information was stolen as result of a data breach, we would like to hear from you. Contact us for a free legal consultation today.