Data Breach Settlement
(Updated November 30, 2018)
Data breaches are on the rise, putting more customers at risk of fraud and identity theft every year. Hackers can access everything from email passwords to Social Security numbers, making data breaches like Yahoo’s in 2013 and 2014—which compromised 1.4 billion accounts—potentially devastating for consumers.
Companies are required to exercise reasonable care to protect the data of customers and employees. When they fail to do so, and/or fail to inform consumers of a breach in a timely manner, consumers can unite to file a class action lawsuit against the company or website.
For example, the Marriott data breach that impacted nearly 500 million consumers means the company will likely face a class action lawsuit.
Settlements that resolve data breach lawsuits have awarded tens of millions of dollars to affected consumers.
Anthem (2017) — $115 million
In June 2017, America’s largest insurance company, Anthem Inc., agreed to a $115 million settlement after a breach compromised 80 million customers’ private data. This is the largest data breach settlement in history.
The money will go in part toward credit monitoring for impacted consumers. Some consumers will instead receive $50 cash.
Home Depot (2017) — $25 million
In March 2017, Home Depot’s data breach expenses soared once again when it agreed to a $25 million settlement with dozens of banks and credit card companies impacted by its 2014 breach. Fortune reports that, as part of the settlement, Home Depot must tighten its cybersecurity and “subjects its vendors to more scrutiny.”
Fortune also says that Home Depot’s total losses for the data breach have now reached $179 million, according to court documents.
Home Depot (2016) — $19.5 million
Between April and September 2014, a hacker breached Home Depot’s security and accessed the details of more than 50 million credit cards and email addresses, making it one of the largest data breaches in history.
In March 2016, the company agreed to settle, paying a total of $19.5 million to customers ($13 million to reimburse incurred expenses, and $6.5 million for identity protection services for 18 months). Additionally, Home Depot agreed to make improvements to its security processes, including hiring a chief information security officer.
Ashley Madison (2016-2017) — $12.8 million
In July 2015, a data breach exposed 36 million accounts at the controversial Toronto-based dating site Ashley Madison, which was designed to help people find sexual partners outside of their relationships. (Its former motto: “Life is short, have an affair.”)
In December 2016, Ashley Madison agreed to pay $1.6 million to settle data breach lawsuits filed by the U.S. Federal Trade Commission (FTC) and 13 states (plus the District of Columbia), which alleged that the company failed to protect its customers’ data.
Then, in July 2017, Ashley Madison reached an $11.2 million settlement to resolve more than 20 lawsuits filed by customers impacted by the breach. Victims who suffered identity theft as a result of the breach could receive as much as $2,000 under the terms of the settlement.
LinkedIn (2015) — $1.25 million
LinkedIn’s 2012 data breach resulted in 6.5 million user passwords being published online. Khalilah Gilmore-Wright led a class action lawsuit against the company, claiming that she and other premium subscribers purchased LinkedIn’s service with the understanding that that the online network offered industry-standard security.
LinkedIn settled on September 21, 2015. The agreement included a $1.25 million fund to compensate users who paid for premium subscriptions between March 2006 and June 2012. LinkedIn also agreed to update its security measures to protect passwords better.
Target (2015) — $28.5 million
After a massive security breach hit Target over the 2013 holiday season, the retailer was faced with multiple lawsuits from consumers and banks alike. The malware that infected the company compromised 42 million credit and debit cards and the names and addresses of 61 million customers.
In March 2015, the company settled a federal class action lawsuit, paying a whopping $10 million to customers. The company also agreed to improve their security measures, including hiring a chief information security officer and offering security training to employees.
Then, in May 2017, Target agreed to pay an additional $18.5 million to 47 states and the District of Columbia to resolve a massive investigation by state attorney generals. (Alabama, Wisconsin, and Wyoming were not part of the agreement.)
Target has now spent more than $200 million in settlements and legal fees as a result of the data breach.
Sony (2015) — $8 million
When Sony’s The Interview quickly turned a Hollywood comedy into a political nightmare, Sony was not just embroiled in discussions about free speech: they also witnessed North Korean hackers break through their inadequate security measures and steal employees’ personal data. Leaked emails were embarrassing enough, but employees also learned that their salary and health details were accessed.
In October 2015, Sony tried to put the 2014 hack behind them when they agreed to an $8 million settlement. More than half that sum, $4.5 million, was allocated to cover identity protection services and reimburse employees who were victims of identity theft.
Avmed (2014) — $3 million
More than one million customers were at risk of identity theft when two Avmed company laptops were stolen. The names, Social Security numbers, addresses and phone numbers of users were compromised during the 2009 hack.
Avmed settled the class action lawsuit against them in 2014. They agreed to pay $3 million to customers. Importantly, customers did not have to suffer monetary losses from the breach in order to benefit from the settlement.
Stanford Hospital & Clinics (2014) — $4.125 million
For almost a year, starting in September 2010, the medical information of nearly 20,000 Stanford Hospital emergency room patients was published online.
A class action lawsuit filed by Shana Springer in 2011 accused Stanford Hospital of violating the Confidentiality of Medical Information Act. Stanford agreed to a $4.125 million settlement in 2014, which would award each affected patient a little more than $100 and allocate $500,000 to educate vendors on privacy breaches.
Vendini (2014) — $3 million
Vendini, the live events ticket seller, was hacked in April 2013. Customer names, contact information, and payment card information were stolen.
In January of the following year, lead plaintiffs Lanie Lim and John Lewart filed a class action lawsuit. In October 2014, Vendini agreed to a $3 million settlement to cover all claimants’ expenses.
Schnuck Markets (2013) — Undisclosed
In a data breach that affected Schnuck Markets from December 2012 to March 2013, 2.4 million credit and debit cards were compromised. A class action lawsuit was filed on behalf of Susan McGann and other Schnuck customers soon after. It claimed that the company did not notify customers in a timely manner and failed to secure consumer financial data.
Schnuck Markets quickly agreed to a settlement in July 2013. The terms included reimbursement of out-of-pocket expenses caused by the breach and up to $10,000 paid to each victim of identity theft.
Yahoo — Ongoing
In September 2016, Yahoo announced what could be the largest data breach in history, affecting more than 500 million users. The stolen information included usernames, birth dates, passwords, and security questions and answers.
Shortly thereafter, ClassAction.com attorneys filed a negligence lawsuit against the tech giant for failing to protect and inform consumers. The complaint alleges that Yahoo failed to safeguard users’ personal information and did not provide timely, accurate, or adequate notice of the data breach.
If you suffered financial or reputational harm due to a data breach, we may be able to help. Our attorneys have successfully represented customers in some of the largest data breaches in history, including the class action lawsuit against Home Depot, which resulted in a $19.5 million settlement.
Contact us today for a free, no-obligation case review.