Data Breach Lawsuit

When a data breach occurs, affected consumers may be able to unite and file a class action lawsuit against the company that failed to protect their information.

Contact us for a free legal consultation.


Data Breach Lawsuit

(Updated November 30, 2018)

A data breach occurs when an unauthorized person gains access to confidential information for personal or political gain. Data breaches like the Marriott breach—which allegedly compromised up to 500 million consumers' data—and the Yahoo breaches of 2013 and 2014—which compromised 1.4 billion accounts—frequently lead to identity theft and financial losses. The victims of these breaches may qualify for a lawsuit.

When a company fails to exercise reasonable care in protecting customers’ information, affected consumers may be able to file a class action lawsuit.

When a company fails to exercise reasonable care in protecting its customers’ information, affected consumers may be able to unite and file a class action lawsuit against the company.

These lawsuits can net plaintiffs millions of dollars in damages, which is only fair given how devastating a breach can be to a person’s finances, privacy, reputation, and credit score.

Data breaches have become increasingly common over the past several years. In addition to consumers, these breaches can put a considerable burden on banks and credit card companies, which must respond to a flood of fraud claims and canceled cards.

Thankfully, many data breach victims receive compensation for damages through multimillion-dollar settlements. If you or a loved one suffered financial losses from a data breach, contact us for a free legal consultation.

Marriott Hit With Class Action Lawsuit Over Data Breach

"When guests stay at hotels, they trust the hotel will provide adequate security—both physical and the protection of their private information."

On November 30, 2018, news broke that Marriott suffered a data breach that may have compromised the personal information of 500 million consumers. The breach affected customers who made reservations at Starwood properties. attorney John Yanchunis filed a lawsuit against Marriott that same day. The complaint alleges that Marriott failed to exercise reasonable care in safeguarding and protecting customers’ personal information (PII), including designing and maintaining security systems to ensure the data was adequately secured and protected.

"Large, sophisticated companies like Marriott are not blind to the risks posed by cyber criminals, who are constantly attempting to infiltrate corporations that store sensitive consumer information," said Mr. Yanchunis. "The fact that a breach that began in 2014 went undetected for four years is shocking and horrifying."

"When guests stay at hotels, they trust the hotel will provide adequate security—both physical and the protection of their private information. It appears that the trust 500 million people placed in Marriott/Starwood was violated—for nearly half a decade."

Recent Breaches Include Exactis, Equifax, and Yahoo

In June 2018, security researcher Vinny Troia, of Night Lion Security, discovered a breach that is one of the largest ever in scale and information disseminated.

Close to 230 million individual records and 110 million business records from marketing and data aggregation firm Exactis were allegedly unprotected by a password-protected firewall or any form of encryption. Breached records included phone numbers, home and email addresses, personal interests and preferences, and other sensitive information.

"In collecting, maintaining, and selling private information, Exactis has a responsibility to protect the data it collects."

On June 29, 2018, attorney John Yanchunis filed a lawsuit, which is seeking class action status, on behalf of lead plaintiff Kenneth Heretick and all others similarly situated.

"The breadth and depth of this data breach is simply staggering, with nearly every U.S. citizen allegedly affected," said Mr. Yanchunis. "In collecting, maintaining, and selling private information, Exactis has a responsibility to protect the data it collects."

Read the Complaint

Mr. Yanchunis is also on the steering committee for the Equifax data breach, and the lead counsel for the Yahoo data breach.

The Equifax breach exposed names, Social Security numbers, birth dates, addresses, and in some cases driver’s license numbers and credit card numbers of 143 million consumers from mid-May through July 2017.

In December 2016, Yahoo announced that 1 billion users' information had been stolen in August 2013. This occurred just a few months after Yahoo announced that 500 million users' data had been breached in 2014. This information included names, email addresses, dates of birth, phone numbers, passwords, etc. (Check these FAQs on the Yahoo data breach and how it might affect you.)

In response, attorneys filed a negligence lawsuit against YahooMr. Yanchunis was named lead counsel in this case—the largest class action lawsuit in history.

The potentially devastating effects are why these breaches so often lead to huge settlements for victims.

Anthem Settles Data Breach Lawsuit for $115M

In June 2017, America’s largest insurance company, Anthem Inc., agreed to a $115 million settlement after a breach compromised 80 million customers’ private data. This is the largest data breach settlement in history.

The previous year, in March 2016, Home Depot agreed to pay $19.5 million to consumers affected by its 2014 data breach ($13 million to reimburse shoppers for losses and $6.5 million toward identity protection services). A year later, Home Depot agreed to pay $25 million to several dozen banks and credit card companies, bringing its total breach-related expenses to $179 million.


Theirs is just one of many multimillion-dollar settlements that have been reached after data breaches. Sony paid $15 million to settle a data breach suit—and $8 million to settle another. Target paid $10 million. LinkedIn paid $1.25 million to settle theirs (which, given recent events, seems like a bargain).

In general, companies much prefer settling cases out of court to going to trial. But that is especially true for data breach lawsuits, because there is almost no court precedent for these kinds of cases.

Companies like Home Depot and Sony have no idea what would happen if they went to trial to fight a data breach suit, which is a scary prospect.

Notable Data Breach Settlements

Here are some of the most notable data breach settlements over the past several years:

  • Anthem: $115 million
  • Target: $28.5 million ($18.5M for states, $10M for consumers)
  • Home Depot (affected 50 million cardholders): $19.5 million settlement
  • Sony (PlayStation network breach): $15 million
  • Ashley Madison: $12.8 million ($11.6M for consumers, $1.2M for states and the FTC)
  • Sony (employee information breach): $8 million
  • Stanford University Hospital and Clinics: $4.1 million
  • AvMed Inc.: $3.1 million
  • Vendini: $3 million
  • Schnuck Markets: $2.1 million

As data breaches continue to grow in both frequency and scale, the resulting settlements will follow suit.

How to Tell If You’ve Been Breached

If you were the victim of a data breach, the compromised company should have notified you, probably via email. If they didn’t, and you learned they were breached through other means, you should contact them immediately to learn if it affected your personal information or privacy.

To check if your data was hacked in a web breach, visit Have I Been Pwned, a website created by Troy Hunt, a web security expert and Regional Director for Microsoft. Just enter your email address, and the site will tell you if or when your personal information was compromised.

If you notice suspicious activity on your credit card or bank account, you may have been the victim of identity theft. Call your bank or financial institution immediately to report the fraudulent activity and take appropriate action.

You may also want to contact us to pursue your legal options.

How to Protect Yourself from Identity Theft

In general, the best way to protect yourself from data breaches is to use a strong and unique password for each account or website. (Apps like LastPass help store them for you.) Don’t recycle passwords or use the same one for years on end. Don’t make your password your birthday, “Password123,” or something like “dadada.”

Set up multi-step verification whenever possible, and cover your PIN when you enter it at stores or ATMs. All of these measures can help protect you and your identity in the event of a breach.

Data Breach Lawsuit Eligibility

Only a licensed attorney can determine if you are eligible for a data breach lawsuit. To do so, he or she will do the following:

  • Determine if the company failed to adopt safeguards that would have prevented the data breach from occurring, such as encrypting personal information belonging to customers
  • Determine if the company notified customers as soon as possible after it learned of the data breach
  • Obtain a complete list of all the individuals affected by the breach
  • Review the company’s policies and customer agreements to determine if the company violated them
  • Compare the company’s policies to industry standards

The attorney will also determine if any state laws have been violated. For example, Florida requires companies that were victims of data theft to report the breach to any customers whose data was stolen within 45 days of the breach’s discovery.

If you meet the eligibility criteria, you could receive compensation for damages suffered in the breach.

Data Breach Damages

An attorney can also help determine the damages you incurred from the data breach, and seek reimbursement for these losses. These may include:

  • The cost of replacing credit and debit cards, and obtaining credit reports and credit insurance
  • Service fees charged by companies that will help secure personal information and monitor your accounts to make sure fraudulent activity is not occurring
  • Expenses associated with correcting erroneous information
  • Any out-of-pocket expenses you incur as a result of the breach

Victims also suffer an emotional toll from identity theft and privacy invasion, which could factor into the compensation sought. 

We Want to Hear from You

At, our attorneys are dedicated to helping consumers who suffered financial or reputational harm from a data breach. We hold the powerful accountable by filing lawsuits against the companies that were subject to these destructive breaches.

We have helped more than 200,000 clients win $2 billion in settlements and awards—and we only collect a fee if we resolve your case successfully.

If your credit card information, social security number, email address, password/PIN, or other private information was stolen as result of a data breach, we would like to hear from you. Contact us for a free legal consultation today.

Did you find what you need?