Data Breach Broker Sells 368.8 Million Stolen Records on Hacker Forum

Data theft is often financially driven. Following data breaches, hackers can profit from stolen data by selling it in mass on the dark web or other black market forums, or use it themselves to engage in identity theft. 

Recently, it was reported that a data breach broker was selling the allegedly-stolen user records for 26 companies on a hacker forum. 

Bleeping Computer, an information security and technology news publication, reports that records stolen from Teespring are being sold for $3,800-$4,000, MyON for $2,800, and Chqbook for $1,800. The data breach broker would not confirm pricing for the data stolen from the other databases.

This broker was selling a combined total of 368.8 million stolen user records, according to reports. 

As stated by Bleeping Computer, 8 of the 26 companies with stolen data had not previously disclosed a breach prior to appearing in the hacker forum—including,,,,,,, and See the full list of companies whose alleged data is being sold here.

If you were the victim of a data breach, the compromised company should have notified you. However, if you learned they were breached through other means, it’s important to contact the company immediately to learn if your personal information or privacy was affected.

What to Do if Your Data’s Been Breached

If your data has been compromised, it’s important to monitor your credit card and bank account for any suspicious activity. If you notice suspicious charges, you may have been the victim of identity theft. You should call your bank or financial institution as soon as possible to report this fraudulent activity and take appropriate action.

You may also want to contact one of our experienced data breach attorneys to pursue your legal options. 

At, our attorneys are dedicated to helping you and all who have suffered financial or reputational harm from a data breach. You can count on us to hold the powerful accountable by filing lawsuits against the companies that put your data at risk.

If you’re the victim of a data breach, contact us today for a free, no-obligation legal consultation. There are no upfront costs, and we only collect a fee if we resolve your case successfully.

Financial Technology Company Plaid Accused Of Banking Data Ripoff 

Venmo, Stripe, Square’s Cash App, and Coinbase are just a few of the thousands of financial services apps that use banking authentication services provided by a company called Plaid. Founded in 2013, Plaid, a financial technology company, claims to connect to more than 11,000 banking institutions worldwide, allowing them to interact with day-to-day banking, investment, and cryptocurrency apps used by millions. This has given the company an extraordinary level of access to a truly massive amount of user banking information.  

A class action lawsuit filed against Plaid in early May 2020 alleges that the company used that access to illegally collect detailed private user banking data. This information was then sold to other parties. Plaid allegedly collected data going back five years, with an average of 3,700 transactions per user accessed, according to the lawsuit. 

Plaid provides account authentication services for non-bank financial services apps. These include payment apps like Square’s Cash App, investment apps like Robinhood, and cryptocurrency apps like Coinbase. These apps require that users link their on-app account to a bank account, and Plaid is the portal through which that link can be created and authenticated. Plaid’s services are used by more than 2,000 apps. As a result, Plaid has access to the bank accounts of nearly 1 in 4 Americans. 

This extensive access allegedly allowed Plaid to improperly access and sell the private information contained in more than 200 million accounts. Aside from any direct financial benefit Plaid obtained from selling this information, their expertise in collecting and handling financial data greatly increased their value as a company in the financial technology industry. According to industry observers, Plaid’s valuation in 2018 at $2.65 billion and Visa’s acquisition of the company in 2020 for $5.3 billion can be at least partially attributed to the mountain of individual banking data it has acquired. 

Illusion Of Banking Security 

Plaid became part of the bedrock of day-to-day financial activity so quietly that many Americans might have never heard of it, despite the fact that it powers so many of the financial apps we use every day. 

As outlined in the complaint, when users are prompted to link their bank account when they open an account with, for example, Venmo, they are taken to a Plaid authentication screen. But users might not realize, because instead of Plaid’s logo and branding, the screen is instead designed to look like it belongs to the bank itself. So if a user was trying to connect a Bank of America account, they would be taken to a screen featuring the Bank of America logo and branding. 

This practice allowed Plaid to collect the banking information of millions of people, all while staying under the radar. 

Fighting For Accountability And Compensation 

“Among the most valuable and sensitive of all consumer data is the personal financial information maintained in consumers’ banking and other financial accounts.” Those who have had their private financial information misused and exploited for corporate gain deserve to see Plaid held accountable and forced to change its behavior. Furthermore, Plaid should pay compensation for the damages they have caused. 

Morgan & Morgan data breach lawyers are fully invested in the fight for data privacy and security for all Americans. Led by John Yanchunis, a national leader in the field of data breach lawsuits, our lawyers have achieved meaningful results and made a real difference in the everyday lives of millions. 

If you have had your data improperly accessed, handled, or exposed due to the negligence of a corporation like Plaid, we’re here to help. Give us a call to get your case reviewed for free, 24/7. 

How to File a Yahoo Settlement Claim

Yahoo customers who were impacted by Yahoo! Inc.’s data breaches are finally able to obtain a measure of justice.

Litigation led by attorneys has resulted in a proposed settlement valued at $117.5 million. While the settlement won’t be finalized until a hearing on April 9, several important customer filing deadlines have been announced. If you are a Settlement Class Member, you can take immediate action to claim your share of the settlement.

Data Breach Background

On four separate occasions between 2012 and 2016, malicious actors breached Yahoo’s internal systems and compromised the personal information of roughly 3 billion customers worldwide. Personal information believed to be taken includes the names, email addresses, telephone numbers, birthdates, passwords, and security questions of Yahoo account holders. Private information contained within users’ emails, calendars, and contacts may also have been stolen.

In response to the data breaches, impacted individuals filed a class action lawsuit against Yahoo and its small business services provider, Aabaco Small Business, LLC (“Aabaco”). Plaintiffs alleged that they suffered financial harm because Yahoo and Aabaco failed to adequately protect their personal information. attorney John Yanchunis served as Lead Counsel on what became the largest class action lawsuit in history. The lawsuit led to a $117.5 million Yahoo data breach settlement that is now open to claims.

Who Qualifies for the Yahoo Settlement?

You are a member of the settlement if you’re a resident of the United States or Israel and you had a Yahoo account between January 1, 2012 and December 31, 2016; or if you received a notice from Yahoo about the data breaches or the data breach settlement.

Importantly, Yahoo accounts include not only email accounts but also Yahoo Fantasy Sports, Yahoo Finance, Tumblr, and Flickr.

What Can Class Members Receive from the Settlement?

Class members may be eligible for the following compensation:

  • Two years of credit monitoring services and fraud resolution services, OR an alternative cash payment of $100 (if you verify that you already have a credit monitoring service that you will keep for at least one year). The cash payment could change depending on how many class members participate in the settlement.
  • Class members can additionally receive cash reimbursement worth up to $25,000 in out-of-pocket losses, including up to 15 hours of time spent remedying issues related to the data breach, billed at $25/hour or your hourly work rate, whichever is higher. (Note: Even if you can’t document the time you spent dealing with the repercussions of the data breach, you can still claim payment for up to five hours of lost time at $25/hour, or your hourly work rate if it is higher.)
  • Users who paid Yahoo for advertisement-free or premium email services, or who paid Yahoo or Aabaco for small business email services, are eligible for reimbursement up to 25% of the amounts they paid for these services.

For complete settlement and eligibility terms, please visit the Yahoo! Inc. Customer Data Security Breach Settlement website.

How Do I Submit a Settlement Claim?

Class members can make claims online or by mail no later than July 20, 2020.

Most Yahoo users will want to submit a claim for credit monitoring services or an alternative cash payment, and out-of-pocket costs and/or loss of time. To do so, complete and submit this claim form.

Alternatively, you can download the claim form here, fill it out, and mail it to: In re: Yahoo! Inc. Customer Data Breach Security Litigation, c/o Settlement Administrator, PO Box 1760, Philadelphia, PA, 19105-1760.

You can also request a hard copy of the claim form by calling 844-702-2788 or emailing

To file an online claim for paid user costs, complete and submit this form. (You can also download a hard copy of the form here and mail it to the address above, or call or email the Settlement Administrator to have a hard copy of the form sent to you.)

To file a claim for small business costs, complete and submit this form, or download and mail in a hard copy of the form, or contact the Settlement Administrator to receive the form by mail.

For full details about filing these claims, please see the answers to FAQ #s 17, 18, 19, and 20.

What Happens If I Do Nothing? 

Doing nothing means you are not eligible to participate in any aspect of the settlement. You must file a claim in order to receive credit monitoring services or compensation.

Can I Sue Yahoo? 

If you want to reserve the right to sue Yahoo over the data breaches, you need to send a letter to the Settlement Administrator excluding yourself from the settlement class. Your exclusion letter must be postmarked no later than March 6, 2020. Learn how to exclude yourself.

Contact the Settlement Administrator 

Still have questions? You can send a message to the Settlement Administrator using this Contact Form.

MGM Data Breach: Exposure of 11 Million Guests’ Personal Info

As a result of yet another massive data breach at a landmark American corporation, this week the personal information of 10.6 million MGM Resorts guests was posted to a hacking forum. 

According to reporting by ZDNet, the leaked files include personal contact information for millions, including high-profile celebrities, government officials, and tech company CEOs. Pop star Justin Bieber and Twitter CEO Jack Dorsey are reportedly among those whose personal information was exposed, though MGM has not confirmed this. 

MGM has confirmed the incident. According to their security team, these leaked files were illegally accessed and stolen more than a year ago. MGM further claims that they alerted past guests about the breach at the time of the hack. 

Data breaches of this kind put customers at serious risk, yet the companies and organizations that collect this data have failed to prevent them time and time again. If you think you were a victim of the MGM data breach, we want to hear from you. Morgan & Morgan data breach attorneys may be able to help you hold these companies accountable. 

What Kind Of Information Was Stolen?

ZDNet independently confirmed that the following information was stolen and made available to the criminal public:

  • Names 
  • Addresses 
  • Phone numbers 
  • Passport numbers

This may not seem like a big deal, but to cyber-criminals this information is a goldmine that might be used to help gain access to email, social media, and even financial services accounts. It can also be used to stalk or harass people in real life. 

What Should Victims Do?

If you have stayed in an MGM Resorts hotel in the past, your first step should be to ensure that your online accounts are safe. Check for any suspicious activity and change your passwords. 

Your next move should be to contact Morgan & Morgan’s data breach attorneys. Our legal team will see if you have a case — for free with no risk.


Takata Recalls 10 Million More Airbags From 14 Automakers

The Takata airbag crisis, now in its 13th year, is expanding yet again.

U.S. regulators announced the recall of 10 million additional ammonium-nitrate based airbag inflators due to the risk that they could explode, spraying vehicle passengers with metal shrapnel. The recalled inflators were used as temporary fixes, or “like-for-like” replacements. Tens of millions additional Takata inflators containing a drying agent could also be recalled based on safety assessments.

These recalls are distinct from those involving 1.4 million vehicles’ Non-Azide Driver inflators (NADIs), which can explode or underinflate. The National Highway Traffic Safety Administration (NHTSA) is investigating Audi, Toyota, Honda, and Mitsubishi regarding the NADIs. Only BMW has acted on the potentially deadly issue, even though there have been at least two deaths and two injuries associated with NADI airbags.

As the Takata recalls drag on, some affected owners may have stopped paying attention to the seemingly-endless updates. But ignoring the problem could result in serious injury or death. Last year, victims continued to file Takata lawsuits after their airbags allegedly exploded. 

Did you suffer cuts or worse from your airbag in a car accident? Receive a free case review.

Inflators Are Recalled for Second Time

It’s déjà vu all over again for millions of automakers and car owners in the latest round of Takata airbag recalls.

According to a notice from TK Global LLC (Takata’s successor company), the newly recalled inflators were previously installed as interim replacements for defective units. The rationale behind swapping one dangerous airbag for another is that the replacement parts had not been exposed to heat and humidity, which degrade the airbags over time and can cause them to explode when deployed. TK Global says it isn’t aware of any interim inflators rupturing, but issued the recall “out of an abundance of caution.”

Automakers with vehicles that need airbag fixes are Audi, BMW, Honda, Daimler, Fiat Chrysler Automobiles (FCA), Ferrari, Ford, General Motors, Mazda, Mitsubishi, Nissan, Subaru, Toyota, and Volkswagen.

BMW recalls include more than 350,000 cars and SUVs, including 2000-2013 X1, X3, X5, and X6 SUVs and 1 Series and 3 Series couples, convertibles, sedans, and wagons. Volkswagen is recalling 2012-2015 Passats, 2011-2014 Golf A6s, and 2011-2013 Audi A3 diesels. Nissan and Infiniti will replace airbags on approximately 308,000 vehicles, while Subaru has begun notifying owners of nearly 500,000 model year 2010-2014 Forester, Legacy, and Outback models. Fiat Chrysler told Car and Driver that its vehicles subject to this notice were already recalled in 2015, so a new recall will not occur. 

Owners should receive manufacturer recall notices, although notices do not always reach used car owners. Alternatively, owners can contact the manufacturer directly or input their Vehicle Identification Number (VIN) at the NHTSA’s recall site.

Takata Airbags Linked to Nearly 300 Injuries

Takata airbags are blamed for at least 16 deaths and 250 injuries in the United States. Worldwide, 25 deaths and more than 290 injuries are linked to Takata inflators.

While the recall may finally be nearing an end, drivers continue to claim that their airbags exploded and caused severe injuries. Jalopnik reports that several Takata lawsuits were filed last year. These cases serve as a reminder that your car’s airbag could still be a ticking time bomb:

  • A California woman filed a lawsuit against Takata and Honda, claiming that she was sitting in the driver’s seat of her parked 2005 Honda Accord when it was struck by another vehicle. She allegedly suffered injuries to the chest, neck, face, and shoulder, as well as a traumatic brain injury.
  • An Alabama resident says that the airbag in her parents’ 2006 Lincoln Navigator deployed upon the ignition key being turned, causing unspecified personal injuries. That Lincoln model has not been recalled for airbag issues, but other owners have similarly complained about their airbags exploding or not deploying.
  • A Nebraska woman sued Takata and Honda, alleging permanent hearing impairment and injuries to her head and neck after a collision that caused the airbag in her 2012 Honda CR-V to explode.

Personal injuries or wrongful deaths caused by a malfunctioning Takata airbag may qualify for compensation through the Department of Justice’s Individual Restitution Fund (IRF) and/or the Takata Airbag Tort Compensation Trust Fund (TATCTF). Individuals who suffer injuries from a Takata airbag within a Honda or Acura vehicle may also qualify for a Participating Original Equipment Manufacturer (POEM) fund claim.

Importantly, victims do not have to accept a trust fund settlement offer. They can still file a lawsuit and take their claim to court.

If you or a loved one was injured by a defective Takata airbag, our attorneys can explain your legal options and guide your potential case to the finish line. Consultations are free, it costs nothing upfront to hire us, and we only accept a fee if we successfully resolve your case.

We have a strong track record of taking on the automotive industry and winning compensation for clients. These claims are time-sensitive, so it’s crucial that you reach out as soon as possible to determine your eligibility. Call 844-871-7487 or contact us to get started.

Roundup Cancer Lawsuits: Year in Review

Glyphosate — the main active ingredient in Roundup weed-killer — was one of the biggest litigation stories of 2019. 

Over the past year, the number of U.S. lawsuits alleging that Roundup weed-killer causes cancer more than quadrupled, from 10,000 to 42,000. Two of these cases went to trial. Both resulted in stinging defeats for Bayer, which was held liable for the plaintiffs’ non-Hodgkin lymphoma and ordered to pay huge verdicts. 

So far, Bayer has yet to win a Roundup cancer lawsuit. As the losses pile up, the company’s stock continues to plunge. But Bayer shows no sign of dropping its defenses. It insists that glyphosate — the most widely-used agricultural chemical in history — does not cause cancer. Bayer has also successfully petitioned several courts to slash plaintiffs’ awards. 

Looking ahead to 2020, Bayer seems to hope for a reversal of fortunes as litigation shifts to St. Louis, where Monsanto was headquartered for decades before Bayer bought the company last year. Regardless of how the courts rule, in the court of public opinion, sentiment is turning against glyphosate as cities, counties, states, and countries worldwide restrict or ban glyphosate over health concerns. 

January 2019: France Removes Roundup Pro 360 from Market

French authorities announced a ban on the sale, distribution, and use of Roundup Pro 360, revoking its approval after a court ruled products with glyphosate are likely carcinogens. An administrative tribunal in southeast France ruled that French food and environmental safety agency ANSES should have given more weight to potential safety risks when it authorized the use of Roundup Pro 360. The European Union has authorized glyphosate through 2022, but President Emmanuel Macron pledged to end French glyphosate use by 2021. 

February 2019: Study Reveals Strong Link Between Glyphosate and Lymphoma

A University of Washington study found that exposure to glyphosate may increase the risk of non-Hodgkin lymphoma by as much as 41 percent. The research was based on a comprehensive review of existing scientific literature, including a study of more than 54,000 people who work as licensed pesticide applicators. Senior study author Lianne Sheppard said, “As a result of this research, I am even more convinced that [glyphosate is carcinogenic].”

March 2019: Roundup Cancer Plaintiff Wins $80M Verdict

Edwin Hardeman v. Monsanto Co., the first federal trial over Roundup, resulted in an $80 million verdict for plaintiff Edwin Hardeman. Hardeman used Roundup on his California property for nearly three decades. He was diagnosed with non-Hodgkin lymphoma in 2015 and struggled through six rounds of chemotherapy. The jury ruled that Roundup was a “substantial factor” in causing his cancer, and that Monsanto was negligent for failing to place a cancer warning label on the product. 

April 2019: Bayer CEO Receives “No Confidence” Vote as Lawsuits Soar

Bayer shareholders expressed their displeasure with the Monsanto acquisition by casting a no-confidence vote in Bayer CEO Werner Baumann. Between the June 2018 Bayer-Monsanto merger and April 2019, Bayer’s stock declined over 30 percent. The decline is said to have stemmed from the rising number (13,400) of Roundup cancer lawsuits. Baumann championed the $63 billion Monsanto deal, which was closely scrutinized on antitrust grounds. Continued courtroom losses and shareholder unrest could increase pressure to settle the remaining Roundup lawsuits.

May 2019: Bayer Slammed with $2 Billion Roundup Verdict

Bayer suffered its largest Roundup defeat to date when a California jury awarded $2 billion to Alva and Alberta Pilliod for their non-Hodgkin lymphoma. This was the third jury to conclude that Monsanto failed to warn consumers about Roundup’s cancer risks. The large punitive damage award was based on the argument that Monsanto concealed these dangers for decades. The Pilliods’ attorneys successfully argued that Roundup contains components that are significantly more toxic than glyphosate — and even more toxic when combined with glyphosate. 

June 2019: Bayer Seeks to Discredit Journalists and Activists

In June, Bayer announced that it had started contacting journalists, politicians, and other interest groups on Monsanto “watch lists” for publicly criticizing the company’s products. It was later revealed that Monsanto sought to discredit opponents such as Carey Gillam, who investigated Roundup’s cancer links. Monsanto allegedly had a public relations strategy in place to attack Gillam and undermine her work. Also in the crosshairs was musician Neil Young, who released a 2015 album called The Monsanto Years.

July 2019: Judge Slashes Hardeman Damages

A federal judge reduced Edwin Hardeman’s damages award from $80 million to $25 million. The judge agreed that Monsanto deserved to be punished based on the evidence at trial, but ruled that the amount of punitive damages was excessive. Juries can award punitive damages to punish a defendant when they believe their conduct was egregious. Punitive damages were also reduced for Dewayne Johnson and Alva and Alberta Pilliod. Hardeman is appealing the reduced damages award. 

August 2019: Rumors Swirl About Roundup Settlement

Bloomberg reported that Bayer was proposing to pay up to $8 billion to settle U.S. Roundup cancer cases. Court-appointed settlement master Kenneth Feinberg called the report “pure fiction.” At the time, Bayer faced around 18,000 Roundup lawsuits. Other settlement estimates are in the $10-to-20 billion range. 

September 2019: Germany Agrees to Ban Glyphosate by End of 2023

Bayer’s home country of Germany agreed in September to ban glyphosate by the end of 2023 and limit its use before then. Germany became the second country to prohibit glyphosate after its neighbor Austria, which passed a bill outlawing all uses of the weed killer. Worldwide, dozens of countries have banned or restricted glyphosate. Numerous U.S. communities and cities have taken similar steps

October 2019: Bayer Announces Roundup Lawsuit Surge

Between July and October, the number of U.S. Roundup lawsuits more than doubled, from 18,400 to 42,700. The upper limit of potential Roundup lawsuits is vast. Virtually everyone has been exposed to glyphosate in one way or another. Roundup-ready crops make up about 90 percent of soybeans and 70 percent of corn and cotton grown in the U.S. As a result, glyphosate has been found in a variety of popular foods and the urine of 93 percent of Americans

November 2019: “Mediation Is Going Slowly but Steadily”

Kenneth Feinberg, who has overseen a number of high-profile lawsuit settlements as mediator, is leading behind-the-scenes Roundup settlement talks. In November, Feinberg told a German magazine, “Mediation is going slowly but steadily.” Bayer CEO Werner Baumann has said the company would consider a settlement that “achieves finality of the overall litigation.” 

December 2019: Former Monsanto CEO Ordered to Testify

Hugh Grant, who led Monsanto from 2003 to 2018, must testify at an upcoming Roundup cancer trial in St. Louis. Grant’s attorney tried to prevent him from taking the stand. (He was not required to do so at the three trials that took place in California.) Monsanto is headquartered in St. Louis, but the city is also known as a plaintiff-friendly forum, with a history of large verdicts against corporations. The attorney of plaintiff Sharlean Gordon said, “She’s been through hell. She’s horribly injured. The human toll here is tremendous. I think Sharlean is really going to put a face on what Monsanto’s done to people.” 

Looking Ahead to 2020

A full slate of 2020 Roundup lawsuits looms large for Bayer and the many people who blame glyphosate for their non-Hodgkin lymphoma. 

Four cases are currently scheduled for trials in January — two in California state courts and two in St. Louis. Another trial is set to take place in February, two in March, and additional trials scheduled almost monthly from April through October 2021. Bayer recently agreed to postpone two January trials involving plaintiffs under the age of 15. If these cases fail to settle and go to trial, it could signal that a settlement will take longer to negotiate.

If you were diagnosed with non-Hodgkin lymphoma after using Roundup, contact us for a free case review. 

Not Again! Facebook Data Breach Hits 276 Million Users

Facebook is yet again accused of failing to protect the personal information of its users, leaving 267 million people potentially vulnerable to scams and phishing schemes.

A database containing the names, phone numbers, unique Facebook IDs, and other personal information of more than 267 million Facebook users was active on the “dark web” for at least two weeks, according to a report by cybersecurity firm Comparitech. Cybersecurity researcher Brian Diachenko said in the report that this data could be used to conduct texting (SMS) fraud and phishing scams. Comparitech said it believes the breach could have originated with a Vietnam-based criminal organization, and that the information was likely accessed via illegal data scraping or Facebook API misuse.

Facebook has faced data breaches and other issues related to user privacy in the past. The most famous is the Facebook/Cambridge Analytica scandal affecting 87 million Facebook users.

Data Security Issues Abound

As we become ever more entangled with the internet, tech companies like Facebook command a significant amount of access to our personal information. With the wrong people having access, it can lead to situations in which people’s lives are upended. That level of access should be considered a privilege to these companies, but that’s not often the case. Instead what we’ve seen is a plethora of major data breaches and hacks, from businesses ranging from a local hospital system to the corporate tech titans of Facebook and Yahoo. According to a report by data security firm Risk Based Security, data breaches increased by 54% in 2019, with more than 3,800 incidents. Frighteningly, three of the 10 largest data breaches ever recorded happened in 2019. That’s nearly a third of all of the largest breaches.

What Can You Do If You Think Your Data Was Leaked?

Our data breach class action attorneys fight for Americans who lack the ability to pursue justice. We take on the irresponsible companies and organizations who’ve failed to protect the sensitive data of their users; our track record of success includes a $117.5 million data breach settlement with Yahoo, among many other smaller but still significant data breach cases.

If you are a Facebook user who was affected by this breach, contact us today for your free case review to potentially join a class action to hold Facebook accountable.

Yahoo! Data Breach Case: $117.5 Million Proposed Settlement Claims Period Begins

Below is some important information about the historic Yahoo! data breach class action

$117.5 Million Yahoo! Data Breach Settlement Claims Information

The following statement is being issued by Morgan & Morgan, P.A., Robbins Geller Rudman & Dowd LLP, Tadler Law LLP, Casey Gerry Schenk Francavilla Blatt & Penfield LLP, and Lockridge Grindal Nauen LLP (“Settlement Class Counsel”) to inform people of their rights and the claims process:

A class action settlement has been granted preliminary approval in the multidistrict litigation (“MDL”) against Yahoo! Inc. (“Yahoo”) arising out of one of the largest known data security breaches in history. As a result, on September 3, 2019, the first Court-approved notice of the proposed Settlement was disseminated, commencing the beginning of the Claims Period. The Claims Period ends on July 20, 2020. Settlement Class Counsel encourages all Settlement Class Members to make a claim for the benefits available under the Settlement.

The class-action litigation concerns several announcements made by Yahoo starting in September 2016, admitting that there had been several data security breaches between 2013 and 2016. The company also announced that in early 2012, they experienced data security intrusions.

Yahoo customers worldwide have been significantly impacted, from alleged identity and credit theft to bank fraud. Plaintiffs in the MDL, represented by Settlement Class Counsel, claim that Yahoo failed to adequately protect their personal information and that they were injured as a result.

Who Is Included?

Residents of the United States and Israel who received a Notice from Yahoo about the Data Breaches, or who had a Yahoo email account at any time between January 1, 2012 and December 31, 2016, are Settlement Class Members.

What Does the Settlement Provide? 

Yahoo has agreed to make changes to improve the security of its customers’ Personal Information stored on its databases. Defendants will also pay for a Settlement Fund of $117,500,000. The Settlement Fund will provide: a minimum of two years of Credit Monitoring Services to protect Settlement Class Members from future harm, or Alternative Compensation instead of credit monitoring for Class Members who already have Credit Monitoring Services (subject to verification and documentation); Out-of-Pocket Costs for losses related to the Data Breaches; and reimbursement of some costs for those who paid for Yahoo premium or Small Business Services. The Settlement Fund will also be used to pay for attorneys’ fees, costs, and expenses, and Service Awards for the Settlement Class Representatives. These are only a summary of the benefits. For complete information, dates, and details on the settlement benefits, visit the Settlement Website at

What Are Yahoo Account Holders’ Options? 

To receive any benefits under the Settlement, Yahoo account holders must file a claim online or by mail by July 20, 2020. Yahoo account holders who want to keep their right to sue the defendants themselves must exclude themselves from the Settlement Class by March 6, 2020. Once excluded, account holders will not receive any credit monitoring or monetary relief from the Settlement. If they stay in the Settlement Class, they may object to the Settlement, and/or the amount of attorneys’ fees, costs, and expenses, and/or the amount of Class Representative Service Awards by March 6, 2020.  Account-holders who do nothing, will not receive any credit monitoring or monetary benefits, but will still be bound by the Court’s decisions. Complete information and instructions on how account holders can file a Claim, exclude themselves from the Settlement, or Object to the settlement are available on the Settlement Website at Only those who File a Claim and are deemed eligible will be permitted to participate in the Settlement and the relief provided.

The Court has scheduled a hearing in this case at 1:30 p.m. on April 2, 2020, in Courtroom 8 of the U.S. Courthouse, 280 South 1st Street, 4th Floor, San Jose, CA 95113, to consider: whether to approve the Settlement as fair, reasonable, and adequate; any objections; a request for Class Representative Service Awards; and attorneys’ fees, costs, and expenses for investigating the facts, litigating the case, and negotiating the settlement. The motion for attorneys’ fees, costs, and expenses will be posted on the website on the date it is filed or as quickly thereafter as practicable. Yahoo account holders may ask to appear at the hearing but are not required to do so.

For More Information

This is only a summary. For complete information and to file a claim for benefits, visit the Settlement Website,, email, or call 844-702-2788.

Glyphosate Cancer Lawsuit Against Monsanto Roundup

Glyphosate Cancer Risks Come Full Circle With Nebraska Roundup Lawsuits

Larry Domina, a third-generation Nebraska farmer, was one of the first people to file a U.S. lawsuit against Monsanto alleging non-Hodgkin lymphoma from Roundup weed killer. 

In June, Monsanto’s parent company, Bayer, was granted permission to have cases heard in Nebraska. The litigation’s move to that state is fitting since it is where the link between farm chemicals and non-Hodgkin lymphoma was first made by researchers, including Dr. Dennis Weisenburger. 

Weisenburger has been serving as an expert witness on behalf of Roundup lawsuit plaintiffs. He is probably best known for his statement that using Roundup more than two days per year doubles the risk of developing non-Hodgkin lymphoma. But Weisenburger has been examining links between herbicides and cancer since the 1980s, when he was a researcher at the University of Nebraska. 

Domina and Weisenburger will play important roles as Monsanto looks to reverse its legal fortunes with upcoming litigation in America’s heartland. 

Nebraska Farmer Third to File Roundup Lawsuit

When Monsanto Roundup Ready crops were introduced in the 1990s, Larry Domina was an early fan. Using such crops, which are genetically modified to resist Roundup herbicide, meant that farmers like Domina could spray Roundup all over their fields without fear of it damaging their produce and without the need for spot-spraying weeds. 

“It was almost magic,” Domina told the Omaha World-Herald

But when Domina was diagnosed with non-Hodgkin lymphoma in 2012, he began to wonder whether the agricultural chemicals he used on his farm might be to blame. 

“There were many, many chemicals that I used, and I knew there were many, many times that I didn’t wash my hands after being in all kinds of stuff,” he said. 

Domina’s cancer is now in remission. Since his recovery, he has narrowed down the list of chemicals that might have caused his cancer to just one: glyphosate, Roundup’s main active ingredient. 

Larry Domina’s brother, David, filed a lawsuit against Monsanto after learning about a report from the International Agency for Research on Cancer that classified glyphosate as “probably carcinogenic to humans.” Filed on behalf of Larry Domina and three other Nebraskans who had been treated for non-Hodgkin lymphoma, it is the third U.S. Roundup lawsuit. 

“Monsanto people told us [Roundup] was safe,” said David Domina. “In fact, they told us it was so safe, you can drink it. But if Roundup is a cause [of cancer], we need to do something about that. We need to get it off the market. Or for sure, Monsanto needs to do a much, much better job of educating people and tell them to be careful.”

After suffering three huge trial losses in California, Bayer asked the judge overseeing federal Roundup litigation to allow trials in other states. Bayer may be betting that juries in the heart of farm country will be more sympathetic than California jurists, who awarded plaintiffs more than $2 billion. 

From UNMC Researcher to Key Plaintiff Expert

When testifying on behalf of Alva and Alberta Pilliod, Weisenburger said the question of whether Roundup causes cancer is “not a hard call.” 

“Your risk is increased twofold for non-Hodgkin’s lymphoma if you used it more than two days per year,” Weisenburger claimed at the Pilliods’ trial. “The more you used it, the more your risk is increased. Being exposed a little bit didn’t increase your risk, but being exposed more increased your risk.”

Weisenburger worked for 28 years at the University of Nebraska Medical Center (UNMC) in Omaha before moving to the City of Hope Medical Center in Los Angeles. As a young doctor at UNMC, Weisenburger was one of the researchers looking into the question of why farmers were showing an increased risk of non-Hodgkin lymphoma. 

“People told me that there was a high rate of lymphoma in Nebraska. So that really piqued my interest,” Weisenburger said while testifying for Edward Hardeman. 

Weisenburger first published a paper on the topic in 1985, and by his estimate, about a dozen papers came out of the Nebraska study. Some of the Nebraska data was combined with other studies to perform more thorough research, including a study from the National Cancer Institute published in 2003. According to its findings, farmers who used glyphosate had a cancer risk that was twice as high as that of the general population. 

When asked at trial by a plaintiff’s attorney whether he thought Roundup can cause cancer, Weisenburger replied, “To the best of medical certainty, I believe that Roundup is a substantial cause of cancer in people who are exposed to it in the workplace or in the environment.” 

Weisenburger further explained, “When you get Roundup on your skin, just like the Roundup will penetrate the plant cells, it will penetrate the cells of the skin, and it will get into the tissues, and it will then get into the lymph system and into the blood. All those tissues do get exposed to glyphosate as it’s going through the body.”

Bayer has accused plaintiffs of using cherry-picked data to prove their cases. It claimed in Mr. Hardeman’s case that Weisenburger’s testimony was made “purely for this litigation.” Bayer’s attorneys filed a Daubert motion to try to exclude Weisenburger’s testimony, but their efforts failed. 

David Domina plans to use Weisenburger as an expert witness for the upcoming Nebraska Roundup trials. If he does, Weisenburger will find himself back where his research began. And once again, his testimony may play a crucial role in securing justice for Roundup cancer victims. 

Does Roundup Cause Cancer Risks?

Are You at Risk of Cancer From Roundup?

More than 13,000 people have filed lawsuits against Monsanto/Bayer in the United States alleging they developed non-Hodgkin lymphoma due to the glyphosate-based weed killer Roundup. Glyphosate is the most heavily used agricultural chemical in the history of the world; Americans have applied around 2 million tons of it since its introduction in 1974. The herbicide has worked its way through the food chain and is now found in nearly every common U.S. food. Such ubiquity has led many Americans to wonder whether they should be concerned about Roundup cancer risks. 

As the debate rages in courtrooms, it is also on the minds of farmers, gardeners, and others who used Roundup for years. If you were diagnosed with non-Hodgkin lymphoma after using Roundup, contact us today for a free, no-obligation case review

Research Draws Different Conclusions About Glyphosate and Cancer  

There’s no question that glyphosate is everywhere and that all of us have likely been exposed. According to one report, 93% of people may have the herbicide in their bodies. Other research has found glyphosate in a range of common food products. 

Less consensus exists, however, about the effects of glyphosate on human health. The Environmental Protection Agency recently concluded that the chemical is noncarcinogenic, while the World Health Organization’s International Agency for Research on Cancer classified glyphosate as “probably carcinogenic to humans” in 2015. The Department of Health and Human Services’ Agency for Toxic Substances and Disease Registry (ATSDR), meanwhile, issued a report in April saying it could not “rule out” an association between glyphosate exposure and cancer risk.

In July, glyphosate registrants issued a response to the ATSDR in which they defended their products as safe. This is the same line that Bayer has taken — despite losing three straight Roundup lawsuits. On its website, Bayer states: “Glyphosate and our glyphosate-based formulated products can be used safely and are not carcinogenic.”

Roundup Plaintiffs and Glyphosate Exposure

The notion that Roundup is not carcinogenic isn’t shared by Edwin Hardeman, Alva and Alberta Pilliod, and Dewayne Johnson. Each of these individuals won sizable jury verdicts against Bayer for non-Hodgkin lymphoma they allege was caused by Roundup use. 

Dewayne Johnson

Johnson received $289 million in damages (later reduced to $78 million) from Bayer last August, although he may not live to see the money. His terminal cancer is causing worsening health, and the appeals process could go on past his life expectancy. In his own words, he is “all messed up.”

Johnson was exposed to Roundup as a school district groundskeeper. He routinely sprayed chemicals, which he refers to as “juice,” but pointed to one incident in particular that he believes caused his cancer. Johnson described in Time an accident that left him “soaked to the skin” in Monsanto’s glyphosate. “I got a little rash. Then it got worse and worse and worse. At one point, I had lesions on my face, on my lips, all over my arms and legs.” A biopsy would reveal that Johnson had cancer. 

Ed Hardeman

Hardeman was awarded $80 million in damages from a San Francisco jury in March 2019 when it found that Roundup was a “substantial factor” in causing his cancer. 

Hardeman and his wife lived for decades on a 56-acre property in Sonoma County, California, where he used Monsanto herbicides from 1986 to 2012 to treat poison oak, overgrowth, and weeds. He learned in 2015 that he had non-Hodgkin lymphoma. After struggling through multiple rounds of chemotherapy, he made the connection to his Roundup use from a TV report. 

“I hope this is a significant turnaround in Monsanto’s history,” said Hardeman, whose cancer is now in remission. He believes Roundup should at least have a stronger warning about cancer risk. “Give us a chance to decide whether we want to use it or not … Have some compassion for people.” 

The Pilliods

The third and latest verdict against Monsanto was awarded to the Pilliods in the amount of $2 billion. They used an estimated gallon of Roundup per week for more than 30 years on their Northern California property. Both were diagnosed with non-Hodgkin lymphoma — Alva in 2011 and Alberta in 2015. 

She told the jury in an Oakland courtroom: “The doctors gave me 18 months to live at most.” Her first symptoms were vertigo, which prompted a visit to the doctor. Doctors found that Alberta had B-cell lymphoma in her brain. The cancer left her with scar tissue and has impaired her cognitive abilities and motor functions. 

Alberta testified that she never wore protective clothing when spraying Roundup because “I really thought it was safe. The ads made me feel like it was safe.”

You May Be Eligible for a Lawsuit

Growing Roundup health concerns have prompted cities, counties, and countries to ban glyphosate products. Many individuals have also moved to non-glyphosate herbicides to protect themselves and their families. And litigation may prompt stronger Roundup health warnings. Already, Bayer is investing billions in weed killer research to reduce its environmental impact. 

But the enormous amounts of glyphosate used in the past could mean many years of problems ahead. If you or a loved one used Roundup and have a cancer diagnosis, you can do your part to hold Monsanto accountable. 

Bayer’s Third Loss in Roundup Cancer Lawsuit Boosts Pressure to Settle

Bayer maintains that Monsanto’s weedkiller Roundup does not cause cancer. So far, juries in three separate cases have disagreed with the agro-giant, most recently in the form of a $2 billion California verdict against Bayer in May 2019. And based on the argument used in that case, the safety of glyphosate—Roundup’s key ingredient—may not be the key issue moving forward.

Bayer looks to reverse its courtroom losing streak in the next Roundup trial, scheduled for August in St. Louis County Court, where legal precedence is not on their side. In the meantime, their huge losses to date, as well as plunging stock prices and court-ordered mediation talks, are putting pressure on Bayer to settle with the roughly 13,400 plaintiffs who allege that Roundup caused their cancer.

Three Trials, Three Losses for Bayer

Juries have not been kind to Bayer in the three Roundup cancer lawsuits that have gone to trial.

In August 2018, a jury at San Francisco’s Superior Court found that Roundup caused groundskeeper Dewayne Johnson’s cancer and ordered Bayer to pay $289 million in damages (later reduced to $78 million). The second trial—the first federal Roundup trial—resulted in a verdict of more than $80 million. But these verdicts pale in comparison to the $2 billion awarded to plaintiffs Alberta and Alva Pilliod by a California jury on May 13, 2019.

Following the verdict—the eighth-largest product defect jury award in U.S. history—Bayer issued a statement saying it was “disappointed with the jury’s decision and will appeal.” The company reiterated its stance that “glyphosate-based products can be used safely and that glyphosate is not carcinogenic,” citing a recent review from the Environmental Protection Agency.

The EPA’s stance on glyphosate’s non-carcinogenicity, however, stands in contrast to not only the view of jurists, but also that of the International Agency for Research on Cancer, a division of the World Health Organization, which says, Roundup is “probably carcinogenic.”

‘Roundup Cocktail’ Argument Proves to Be Potent

Bayer’s latest Roundup trial defeat is significant beyond just monetary terms. A new argument advanced in the trial about Roundup’s non-glyphosate ingredients could have something to do with the result. If so, it would appear to spell trouble for Bayer in future trials.

As Law360 explains, attorneys for Mr. and Mrs. Pilliod argued that Roundup contains “highly more toxic” components that “have a synergistic effect with glyphosate.” A toxicologist expert witness for the plaintiffs testified that one of those components is a surfactant known as polyoxyethylene tallow amine, or POEA, that helps Roundup evenly coat leaves’ waxy surfaces. According to the toxicologist, POEA, which is banned in Europe, makes up 10 – 15 percent of Roundup, while glyphosate makes up 40 – 60 percent. He also testified that POEA is about 40 times more toxic than glyphosate, and that when the two are combined, POEA is 50 times more toxic. This combination effect is known in toxicology as “synergy.”

Shareholders Up In Arms

The day after a jury handed Bayer a $2 billion defeat, the company’s stock price dropped to its lowest level since June 2012. Bayer’s management is reportedly unhappy with Bayer inheriting Monsanto’s Roundup liabilities with the companies’ merger in June of last year. Some investors are calling for the resignation of Bayer CEO Werner Baumann, who championed the Monsanto acquisition. Financial website Seeking Alpha reports that Bayer could end up paying $20 billion to resolve Roundup Lawsuits.

Judge Appoints Feinstein to Mediate Roundup Settlement Talks

The federal judge overseeing the consolidated Roundup cancer trials has ordered Bayer to begin mediation talks aimed at possibly settling the approximately 13,400 Roundup lawsuits filed in the United States.

U.S. District Judge Vince Chhabria appointed Kenneth R. Feinberg to mediate settlement talks. During a hearing on May 22, Judge Chhabria instructed Feinberg to meet with lawyers for Bayer and plaintiffs within 14 days. Feinberg has led mediation talks in high-profile mass torts that include  9/11 first responders, Volkswagen’s “Dieselgate,” the BP Deepwater Horizon oil spill, Catholic priest sex abuse, and General Motors ignition switches.

What’s Next for Bayer

Two more Roundup cancer trials are scheduled for August and September 2019, both in St. Louis. The shift from California to Monsanto’s hometown would seem to benefit the herbicide maker, but the dynamics are complicated. Consumer watchdog U.S. Right To Know points out that, despite Monsanto’s deep roots in the St. Louis community that could improve its chances with local jurors, St. Louis is known as a plaintiff-friendly forum, with a history of large verdicts against corporations.

The plaintiff in the upcoming August trial is Sharlean Gordon. Gordon was allegedly diagnosed with non-Hodgkin lymphoma in 2006 and has undergone years of debilitating treatment. Gordon’s attorneys plan to subpoena Monsanto scientists to testify live before a jury, something that did not occur during the three California cases.

Did you develop non-Hodgkin lymphoma after using Roundup? Contact us for a free legal case review.

7 Ways Companies May Be Violating Your Privacy

In our data-driven economy, we frequently exchange our personal information for a faster, more convenient, and personalized customer experience. But in doing so, we trust that data like our health records, financial information, or personal conversations won’t end up in the wrong hands.

Each time your privacy is violated, you become more vulnerable to identity theft and fraud.

Unfortunately, this isn’t always the case. Data breaches and privacy violations seem to only be getting bigger and more serious.   

How can you hold companies accountable for failing to protect your personal information—other than refusing to use the internet and paying for everything in cash? Know your rights and the laws that protect you.

Lawsuits can help recover compensation for financial and personal losses you suffer as a result of a privacy violation (like having to pay for identity fraud protection). They can also serve a larger purpose by helping to modify business behavior. Many settlement agreements require that companies implement greater security measures in their business. A large settlement or verdict also helps ensure a company doesn’t violate consumers’ privacy again, and serves as a warning to other businesses.

Here are common ways a company may be misusing your personal information, and the laws that can help you fight back.

1. Accessing your credit report without your consent

Under the Fair Credit Reporting Act (FCRA), companies must have a reason to access your credit report. Current or potential employers that want to use your credit report for employment verification and background check purposes must have your written permission first.

Stanford University was recently hit with a class action lawsuit for allegedly obtaining job applicants’ credit reports without their consent.

2. Printing more than five digits of your credit card number or expiration date

This includes receipts. If you ever see more than five digits of your credit card number listed, you may be able to file a privacy violation lawsuit under the Fair and Accurate Credit Transaction Act (FACTA).

National chains like The Cheesecake Factory and Six Flags have recently been sued over FACTA violation allegations.

3. Failing to properly dispose of your personal identifiable information

One of the most basic ways you can protect your sensitive data is by shredding documents and erasing electronic devices before disposing of them. Yet, some companies take the easy route when discarding your information.

Earlier this year, Cox Communications in San Diego was sued over allegedly discarding customer records without shredding or erasing sensitive information. 

4. Not implementing security measures to protect your information from hackers

Anthem agreed to pay $115 million for allegedly exposing the health information of 80 million people.

Billions of records have been exposed in recent data breaches. By now, companies should know that data breaches are a serious and possible threat to their business. When they fail to take basic measures to secure your personal data from hackers, or fail to notify you about a data breach, you may be able to file a data breach lawsuit.

Regulations are even more strict for companies that work with protected health information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) requires that these companies have security measures in place to protect your medical records from unauthorized access. If your information is breached, some states require that companies notify you as soon as possible; in California, for example, companies must send data breach notifications within 15 days of knowing the breach occurred.

Earlier this year, Anthem agreed to pay the largest HIPAA settlement in history—$115 million—for data breaches in 2014 and 2015 that allegedly exposed the health information of 80 million people.

5. Not obtaining your consent before collecting your children’s personal data

The Children’s Online Privacy Protection Act (COPPA) requires that parents have the option to monitor the data that is being collected, and be able to modify or opt out of tracking.

A recent lawsuit alleged that 42 Disney apps violated COPPA by tracking children’s activities to sell to advertisers without parental consent. The complaint called out apps like “Disney’s Princess Palace Pets” and “Disney Color and Play.”

This wasn’t the first COPPA lawsuit the company has faced. In 2011, Disney was hit with $3 million in COPPA penalties when its subsidiary Playdom allowed children to volunteer personal information, including their full names and locations, without parental consent.

6. Failing to inform you what financial information they’re collecting

Under the Gramm-Leach-Bliley Act (GLB), banks and other financial companies are required to send you a privacy notice that includes what information they collect on you, where and how they are using it, and how exactly they’re protecting the data. 

Peer-to-peer payment apps like Venmo are also subject to GLB requirements. The FTC recently filed a lawsuit against Venmo for   allegedly failing to provide users with a clear privacy notice, and for not having safeguards in place to protect user confidentiality until March 2015.

7. Deceptively collecting your personal data

Google is accused of tracking users’ locations, even if they turn off the “Location History” feature on their phones.

A company doesn’t have to suffer a data breach in order to violate your privacy, as recent high-profile lawsuits against Facebook and Google show.

Facebook was sued earlier this year over the the Cambridge Analytica data mine which affected 87 million users. Even though the company didn’t suffer a breach, the lawsuit alleges that Facebook should have known about the data aggregation but failed to stop it or notify consumers.

Google is not only accused of collecting personal information about users without their knowledge, but tricking them into a false sense of security. A recent lawsuit alleges that Google still tracks and stores users’ physical locations, even if they turn off the “Location History” feature on their phones.

Did a Company Violate Your Privacy? 

Each time your privacy is violated, you become more vulnerable to identity theft and fraud. If you believe a company violated your privacy, you may be able to file a lawsuit. Contact us today for a free, no-obligation legal review.

Scariest Products That Aren’t As Regulated As They Should Be

For the most part, consumers tend to trust the products they find on store shelves and from reputable websites. There has been a common belief that these items are regulated and safe for consumption. Yet this trust has been weakening in recent years as information on some potentially dangerous products has spread. It has come to light that some companies knowingly sell products containing cancer-causing ingredients, digital products that disregard consumers’ privacy, or medical products that do more harm than good.

Certain types of products—such as ones that go in or on the body—are ones we expect to be closely regulated. Here are five such product types that deserve more regulation, or any at all.

1. Pesticides

Over one billion pounds of pesticides and herbicides are sprayed every year in the U.S., according to the EPA. Some of the most common—and dangerous—chemicals sprayed are glyphosate, atrazine, and chlorpyrifos. While society has come to view the use of pesticides as normal and essential, research has found that these chemicals may have serious effects on the health of humans and the environment.

Glyphosate, commonly sold as Roundup weed killer, may increase the risk of developing non-Hodgkin’s lymphoma. In August 2018, the first Roundup cancer lawsuit to go to trial resulted in a $289 million verdict. The lawsuit was filed by Dewayne Johnson, a former groundskeeper who used Roundup regularly, and was even soaked with the herbicide on two occasions.

Atrazine, an herbicide that is commonly sprayed on corn, has also been linked to cancer. In addition to cancer, the Centers for Disease Control and Prevention (CDC) warn that long-term exposure to atrazine may result in weight loss, cardiovascular damage, and retinal and muscle degeneration.

The EPA has actually been sued for not banning one pesticide: chlorpyrifos. It’s an organophosphate pesticide that targets the nervous system of worms, insects and other pests. Chlorpyrifos has been connected to learning disabilities and brain development problems in children. Despite these links, Scott Pruitt’s EPA decided to keep the chemical in use rather than ban it. A federal court ordered the EPA to ban chlorpyrifos, yet countless people have already been exposed. 

2. The Internet of Things (IoT)

The Internet of Things (IoT) takes smart devices—from smartphones and TVs to streetlights and cars—and connects them through the internet, allowing them to communicate with one another and take humans out of the equation. The idea is a “smarter” world with machines able to take over mundane tasks and communicate with humans to share data and report problems. By 2020, it’s predicted that 20 to 50 billion devices will be connected to the internet.

Nearly 20 percent of companies suffered an IoT cyber attack in the last three years.

The problem is that smart machines can not only malfunction, but humans could also potentially manipulate IoT for harmful means. Since the IoT connects devices over the internet, it leaves everything vulnerable to hacking. Cameras, cars, thermostats, and even medical devices like pacemakers could be hacked. A recent Gartner study found that nearly 20 percent of companies suffered an IoT cyber attack in the last three years.

Yet, IoT government regulations are virtually non-existent. In fact, California passed the first IoT cyber security law of its kind just last month. The new law will require manufacturers to build in security features that will prevent unauthorized access, and will require each device to have its own unique password, making it more difficult for network-wide attacks to occur.

3. Medical Devices

Under the FDA’s 510(k) pathway, medical device manufacturers don’t have to conduct clinical trials if they can prove that a new device is related to a device that is already on the market. The problem is that this can create chains of medical devices in which the most recent devices are only vaguely similar to the original product that underwent testing.

Johnson & Johnson’s ASR XL metal-on-metal artificial hip replacement was approved through this loophole. The hip allegedly leaked cobalt in the bloodstream of some patients, causing severe side effects like metal poisoning and heart disease. The device was recalled in 2010, and three years later, Johnson & Johnson agreed to settle 8,000 ASR lawsuits for $2.5 billion

Even devices that are required to gain pre-market approval can still be plagued with complications. Pre-market studies for Essure, the permanent form of birth control, showed early on that some patients could experience severe side effects after being implanted with the device. In one study, 9 percent of women reported problems like device migration, painful intercourse and menstruation, and even the need for hysterectomies. Yet, the FDA still approved the device.  

4. Cosmetics and Body Care Products

Body care and beauty products  are only slightly regulated under the FDA. Manufacturers are required to label certain ingredients, but even then they have some flexibility if labeling would give away trade secrets.

If consumers report bad reactions to a product, companies are not required to report them. The FDA may take action only after enough consumers complain, which means that consumers are often acting as guinea pigs for product safety.

The popular WEN Cleansing Conditioner offers the perfect case study for why cosmetics need more oversight. A class action lawsuit alleged that the product caused extreme hair loss, hair breakage, scalp irritation, and rash. The company settled for more than $26 million.

5. Household Cleaning Products

Companies are not required to list all of their ingredients on cleaning supplies—only active disinfectants and potentially harmful ingredients of “known concern.” Yet, most ingredients have never been tested by the EPA or manufacturers.

The Environmental Working Group (EWG) recently published a Hall of Shame for the most dangerous cleaning products. Among these was Simple Green, which contains alcohol ethoxylate surfactants that are banned in the E.U., as well as the solvent 2-butoxyethanol that can damage red blood cells.

Were You Injured by a Product?

Consumers have a tendency to trust products sold by well-known brand names, and often assume that certain products are more regulated than they are. Yet too often, the products that deserve to be regulated the most, such as those that people eat or use on their bodies, are the ones with the loosest regulations. Sometimes companies put products on the market and continue to sell them despite consumer complaints and research on potential harm. Because of this, consumers need to be wary about the products they buy.

If you or a loved one were harmed by any of the products on this list, contact us for a free, no-obligation legal review. You may have a case against the manufacturer. 

CFPB Official Quits, Says Bureau Has Abandoned Consumers

(Above: Acting CFPB director Mick Mulvaney)

Bob Sullivan is an award-winning journalist and the author of four books, including two New York Times bestsellers. He is now a syndicated columnist, frequent TV guest, and co-host of the podcast Breach, which examines history’s biggest hacking stories. Read more of Bob’s stories at

The federal official in charge of handling complaints against the student loan industry resigned in fury on Monday, leveling a series of accusations against his agency—including suppression of a report showing lenders were ripping off college students with “legally dubious account fees.”

The step was not a surprise. Seth Frotman, who was student loan ombudsman at the Consumer Financial Protection Bureau, had been essentially stripped of his team earlier this year, when his enforcement staff was largely shifted to the agency’s education department.

Frotman didn’t lose his title because the position of ombudsman then because the post was specifically created by an act of Congress, a step taken after a series of high-profile student loan scandals.

“You have used the Bureau to serve the wishes of the most powerful financial companies in America.”

In a scathing letter to CFPB director Mick Mulvaney, Frotman said the agency was turning its back on consumers.

“Unfortunately, under your leadership, the Bureau has abandoned the very consumers it is tasked by Congress with protecting,” read the letter. “Instead, you have used the Bureau to serve the wishes of the most powerful financial companies in America.”

Frotman leveled a series of accusations in his letter, saying the bureau had:

  • Abandoned its duty to fairly and robustly enforce the law, and undermined the bureau’s “own authority to oversee the student loan market.”
  • Suppressed publication of a report showing lenders were ripping off borrowers with “legally dubious account fees.”
  • Blocked attempts to share information about why administration measures will “hurt families ripped off by predatory for-profit schools.”

When the CFPB was created in 2010, there was essentially no federal agency responsible for overseeing the student loan market, then besieged with complaints.  Consumers had to figure out which agency regulated the offending bank and file complaints there, often with disappointing results. Some parts of the industry, such as private student loans, fell through the regulatory cracks. So the office of the ombudsman was created as part of the omnibus financial reform legislation as a single agency with the ability to collect complaints and enforce regulations.

(Image by Mother Jones)

The CFPB had returned $750 million to borrowers who had been wronged by the industry, Frotman said in his letter to Mulvaney. “However, after 10 months of your leadership, it has become clear that consumers no longer have a strong, independent consumer bureau on their side.”

Prior to be named CFPB chief, Mulvaney had repeatedly called for the bureau’s dismantling.

In May, the CFPB announced a reorganization that moved the Office for Students and Young Consumers, Frotman’s enforcement staff, into bureau’s financial education office.

“Consumers no longer have a strong, independent consumer bureau on their side.”

Americans hold $1.5 trillion in student loan debt, and the industry is the subject of numerous lawsuits and thousands of complaints.  Many involve loan servicers giving false information to borrowers about repayment plans, or failing to properly apply payments. (Here’s a story I wrote about a study finding that 9 in 10 borrowers who defaulted didn’t know about their options.) For-profit schools and the debt students accrue attending them attract the most complaints. The Associated Press says students filed nearly 24,000 federal fraud complaints between President Donald Trump’s Jan. 20, 2017, inauguration and April 30 this year, almost entirely against for-profit colleges.

Earlier this month, Department of Education Secretary Betsy DeVos recommended scrapping a rule that punishes schools that have low graduation rates mixed with high debt levels. That agency also said it preferred information sharing to enforcement.

Consumer advocates were quick to condemn the CFPB’s changes. Persis Yu, staff attorney at the National Consumer Law Center called Frotman’s allegations “very troubling.”

“For years, the National Consumer Law Center has documented servicer and debt collector abuses that can cost borrowers thousands of dollars and years of repayment,” Yu said in a statement. “At their worst, student loan servicing and debt collection abuses result in the seizure of Earned Income Tax Credits and Social Security benefits that threaten low-income borrowers’ ability to keep a roof over their heads, food on the table, and pay for critical prescription medication. The student loan industry needs accountability and oversight by a strong Consumer Bureau focused on protecting students and other consumers.”

Your Roundup Lawsuit Questions Answered

That weed killer buried in your garage is receiving a lot of media attention lately. Why are people suing Roundup’s manufacturer? And how safe is your go-to herbicide really? We break down some of the most common questions circulating these lawsuits.

What is glyphosate?

Glyphosate is an active ingredient found in Monsanto’s Roundup weed killer. It’s an herbicide that kills broadleaf plants and grasses.

Nearly 300 million pounds of glyphosate are sprayed each year, making it the most used herbicide in the world. Since its introduction in 1974, Americans have applied around 2 million tons of glyphosate. Worldwide, approximately 10 million tons of the chemical have been sprayed. That makes glyphosate the most-heavily used agricultural chemical in history.

Why are people filing lawsuits against Monsanto?

Tens of thousands of farmers, gardeners, and groundskeepers have filed lawsuits against Monsanto, Roundup’s manufacturer, alleging that glyphosate may cause cancer.

The lawsuits claim that Monsanto knew that glyphosate exposure could increase the risk of developing cancer, but failed to warn consumers about it on the product labels. They also argue that Monsanto tried to cover up Roundup’s health risks by misinforming government agencies and the public of its safety.

Wait…Monsanto misled government agencies about Roundup’s safety?

Monsanto employees recommended that they ghostwrite sections of the EPA’s final report on glyphosate to reduce costs.

According to hundreds of pages worth of internal emails and documents released in trial, it appears that some collusion may have happened.

One email recounted that Jess Rowland, former manager of the EPA pesticide division, allegedly discussed how to stop the EPA’s safety review of glyphosate. Rowland allegedly told Monsanto’s regulatory affairs manager, “If I can kill this, I should get a medal.”

Other documents suggest that Monsanto employees recommended that they ghostwrite sections of the EPA’s final report on glyphosate to reduce costs.

In one email, Scott Partridge, Monsanto Vice President of Global Strategy, allegedly said that Monsanto should “ghost-write the Exposure [toxicity] and [genotoxicity] sections.”  Those sections of the report examine how people are exposed to glyphosate, and whether or not glyphosate damages cell genes—so ultimately, whether or not glyphosate may increase the risk of cancer.

Another released internal letter claims that the EPA scientists who were trying to do their jobs and properly assess the chemical were pressured by Rowland and other EPA officials to do otherwise. “You and Anna Lowit intimidated staff on CARC [Cancer Assessment Review Committee]…to favor industry,” former EPA toxicologist Marion Copley accused in a letter to Rowland.”

Monsanto internal documents also show that the company campaigned against those that exposed its possibly-inappropriate relationships with academics and third parties. For example, a report from The Guardian describes how Monsanto operated an “intelligence fusion center” that targeted journalist Carey Gillam, musician Neil Young, and not-for-profit organization US Right to Know (USRTK). 

Does Roundup cause cancer?

Many health agencies and scientists around the world have alleged that exposure to glyphosate may increase the risk of developing cancer. Monsanto maintains that glyphosate does not cause cancer. 

In 2013, scientists Anthony Samsel and Stephanie Seneff published a report in the peer-reviewed journal Entropy concluding that over time glyphosate may damage cellular systems throughout the body. One consequence of this, Samsel and Seneff say, is cancer.

Another study published in a 2015 edition of Environ Health found that some rats exposed to Roundup in low doses suffered kidney and liver damage. The study concluded that long-term, low-dose exposure to glyphosate-based herbicides “can result in liver and kidney damage with potential significant health implications for animal and human populations.”

Perhaps the most influential study came from the World Health Organization’s International Association of Research on Cancer (IARC). The IARC scientists conducted a systemic review of all publicly available glyphosate research, excluding those studies conducted by the chemical industry unless they were published in respected sources like peer-reviewed journals or by government agencies. Based on their results, the scientists classified glyphosate as a probable carcinogen.

The chemical industry has attacked the IARC’s research the most, even going so far as to claim that the international body of scientists produces “junk science.” You can read the IARC’s response to those criticisms here.

EPA’s glyphosate findings contradict those of the IARC. In 2019, EPA reaffirmed its stance that glyphosate is not carcinogenic. EPA Administrator Andrew Wheeler said in an April 2019 statement that the agency found “no risks to public health from the current registered uses of glyphosate.”

Also in 2019, University of Washington researchers published an analysis that found exposure to glyphosate may increase the risk of non-Hodgkin lymphoma by up to 41 percent. The researchers said that these findings align with the IARC’s glyphosate cancer assessment. 

How many lawsuits have been filed?

More than 18,000 lawsuits await trial in state and federal courts. These are consolidated in the multidistrict litigation (MDL) In re: RoundUp Products Liability

Have there been any verdicts or settlements?

Yes. The first Roundup lawsuit that went to trial resulted in a $289 million verdict. The second and third Roundup trials produced $80 million and $2 billion verdicts. However, upon review, judges substantially reduced each of the initial awards. 

Bayer asked the judges overseeing the cases to reduce the punitive damages, and the judges found that the ratio of punitive damages to compensatory damages were excessive. The United States Supreme Court has imposed limits on the amount of punitive damages a jury may award based on the Due Process Clause of the U.S. Constitution. 

A fourth Roundup lawsuit scheduled for August 2019 was tentatively rescheduled for January 2020. This has led to speculation that Monsanto will settle remaining Roundup lawsuits. 

How has Monsanto responded to litigation? Are they going to add a warning to Roundup labels now?

Despite three huge trial losses and the bad publicity they have created for Monsanto, the company—at least publically—remains defiant. Following its third consecutive Roundup lawsuit defeat, Bayer expressing “disappointment” with the jury’s decision and maintained that glyphosate does not cause cancer. “The verdict in this trial has no impact on future cases and trials, as each one has its own factual and legal circumstances,” Bayer said in a statement. 

If we ever see a cancer warning on Roundup labels, it will most likely be because the company was forced to add one. California recently attempted to require that cancer warnings be published on Roundup bottles, but was promptly sued by Monsanto. Earlier this year, a federal judge blocked the state from requiring the warning label. And EPA said that it will not approve cancer warning labels on Roundup and other glyphosate products. 

Who can file a Roundup lawsuit?

Anyone who has been exposed to Roundup and has developed lymphatic cancer, like non-Hodgkin’s lymphoma, within the last decade may be eligible to file a lawsuit. Lawsuits can help recover compensation for past and future medical bills, loss of wages, and pain and suffering. 

Contact us for a free, no-obligation legal review. Our team will tell you if you may have a case.

This Is Why Electronic Devices Keep Exploding

Nearly all of our rechargeable electronic devices are powered by lithium-ion batteries—the same batteries that cause e-cigarettes to explode and hoverboards to burst into flames.

Manufacturers continue to rely on these volatile power sources because their energy density is unparalleled—more than double that of household alkaline or NiCD rechargeable batteries. The injuries and property damage that have resulted from lithium-ion battery explosions though raise serious questions about what companies are doing to ensure their products are as safe as possible.

What are Lithium-Ion Batteries?

Lithium-ion (Li-ion) batteries have been around since the 1970’s. But despite their age, they have become more dangerous, not less, as demand for slimmer electronics with longer-lasting batteries increases.

Li-ion batteries have four main components: positively-charged cathodes, negatively-charged anodes, a highly flammable liquid electrolyte, and a thin sheet of polypropylene that separates the cathodes from the anodes.

When a li-ion battery is charging, electricity moves from the cathodes through the porous polypropylene separator and the liquid electrolyte to the anodes. The reverse process happens when a device discharges.

Why Do Lithium-Ion Batteries Explode?

“These aren’t the batteries you grew up with.”

Problems with lithium-ion batteries start when the opposing electrodes, the cathodes and anodes, touch. The thin layer of polypropylene that serves as the battery separator is supposed to prevent this from happening, but it’s a difficult job as devices become slimmer and batteries stronger.

When the cathodes and anodes do touch, the battery may short circuit, leading to thermal runaway. Thermal runaway is a chemical chain reaction that causes battery chemicals to quickly heat up, sometimes reaching temperatures hotter than 1,000° F. With temperatures that high and the intense pressure that comes along with it, the flammable liquid electrolyte is likely to combust.

But what exactly causes the battery to short circuit in the first place? There are a few common causes:

  • Manufacturing errors: Poor quality batteries can be susceptible to short circuiting if the batteries are designed with poor insulation or ventilation. Other reported manufacturing errors have included jagged battery edges that pierced the all-important separator, and batteries designed with too little space between the separator and the electrodes.
  • Long-term wear and tear: Dropping your phone too many times can damage the battery and cause it to visibly swell up, putting pressure on the battery chemicals.
  • Poorly made chargers: Poorly made chargers can sometimes overcharge batteries, causing them to overheat and short circuit.

“These aren’t the batteries you grew up with—they’re not like alkaline batteries,” warns Mike Morgan, managing partner of Morgan & Morgan’s Product Safety Group. “They shouldn’t be sold loose to consumers without proper training. Instead, they should be sold as ‘captured batteries’ that are protected and allow for safer use. You shouldn’t have to have a degree in electrical engineering to safely operate these devices.”

Yet, these batteries are everywhere and in everything, electrical engineering degrees notwithstanding.

Which Electronic Devices Are Susceptible to Overheating?

Lithium-ion batteries aren’t just different from alkaline batteries for their complex design; they also differ from the average household batteries in that they are more likely to overheat and explode.

It doesn’t matter how large or small the battery is, nor what device it’s powering or the product manufacturer. These batteries can explode anywhere and at any time; while charging, in use, or even while lying dormant. 

Remote controls, wireless ear buds, children’s toys, and even baby monitors have all been known to catch fire unexpectedly. Here’s a roundup of the most notable li-ion battery explosions and recalls.


Laptops were among the first electronic devices to catch fire because of overheating li-ion batteries. In 2006, Dell recalled more than four million laptops. But, overheating laptops are nowhere near a thing of the past for the company. In 2017, a camera captured a teen’s Dell laptop as it burst into flames while charging in his living room.

Dell isn’t the only company that has problems with their laptop batteries. At the beginning of 2018, HP recalled 50,000 laptops because of their susceptibility to overheat. Before the recall was announced, the U.S. Consumer Product Safety Commission (CPSC) had received eight reports of batteries overheating, melting or charring, causing both property damage and first-degree burns.


“The batteries, when unstable, can pack the punch of a roman-candle grenade.”

E-cigs, or vape pens, can cause devastating injuries if they explode since they are used so close to the face and mouth.

When former professional soccer player Danny Califf’s vape pen exploded in his face in 2016,  the li-ion battery when through his cheek. He suffered a broken cheekbone and a concussion as a result.

Other vape pen explosions have ripped holes near people’s mouths, blinded eyes, caused second and third-degree burns, and even set cars on fire. From 2009 to January 2016, the FDA received 134 reports of vape fires and explosions.

“The batteries, when unstable, can pack the punch of a roman-candle grenade,” said Mike Morgan. “When you put the battery in a steel tube like a vaporizer, it builds up with such pressure that you effectively have a pipe bomb. You’re taking that and putting it in your mouth and your pocket, and walking around every day with it.”


It wasn’t long before this must-have holiday gift ranked as one of the most dangerous toys.  

Hoverboards rely on powerful li-ion batteries that pack a dangerous punch when they explode. More than half a million hoverboards were recalled in 2016 after a string of fires and explosions.

These self-balancing scooters have caught fire while charging, riding, and sometimes when they are not in use at all.

A family in Louisiana tragically lost their home when a charging Fit Turbo hoverboard exploded. The fire spread so quickly that their teenage daughter had to jump out of a second-floor window to safety.

The CPSC reported that they received 99 reports of hoverboards “overheating, sparking, smoking, catching fire and/or exploding.” These incidents resulted in more than $2 million in property damage.

Samsung Galaxy Phones

Samsung phones were so prone to exploding that they were eventually banned from airplanes. The phones weren’t manufactured with enough space between the battery’s separator and the electrodes, causing the cathodes and anodes to come in contact. Samsung was eventually forced to recall the Note 7. Overall, there were 92 cases of Galaxy Note fires, 26 burns, and 55 incidents of property damage.

But soon after the first Note 7’s exploded, it was clear that the problem was occurring in other Samsung models, like the S7 Edge.

An S7 Edge exploded in the pocket of Daniel Ramirez while he was on a job site in Ohio. The explosion caused second and third-degree burns on his leg, groin, and lower back. is representing Daniel Ramirez in a lawsuit against Samsung.

Can I File a Lawsuit If My Electronic Device Caught Fire?

While lithium-ion batteries are a problem industry wide, it doesn’t mean that manufacturers are off the hook when it comes to product safety.

Consumers who have suffered physical harm or property damage after an electronic device caught fire may be eligible for compensation. Lawsuits filed against product manufacturers usually allege some combination of the following:

  • Failure to operate as marketed or advertised
  • Inadequate or absent instructions and warnings
  • Dangerous and defective condition, with a propensity to explode under normal conditions

If your electronic device caught fire unexpectedly, contact us today for a free, no-obligation legal review. Our attorneys have filed lawsuits against Samsung and e-cig manufacturers and have the  experience to hold companies accountable for the harm they may have caused.

Chili’s Grill & Bar Owner Sued Over Data Breach

Yesterday, Morgan & Morgan attorneys John Yanchunis and Patrick Barthle filed a proposed class action lawsuit against Brinker International, the owner of Chili’s Grill & Bar, after Brinker acknowledged a data breach compromised the payment card information of Chili’s customers.

The lawsuit was filed in the U.S. District Court for the Middle District of Florida on behalf of three plaintiffs—Marlene Green-Cooper, Shenika Thomas, and Fred Sanders—and all other customers who made a credit or debit card purchase at an affected Chili’s location during the data breach.

Read the Complaint

“It is surprising that payment card breaches continue to be a problem at retailers,” said Yanchunis. “Consumers need to be cautious when using a debit or credit card and ask how the retailer is protecting their payment card information. They need to be vigilant and closely monitor the transactions being made with their cards to ensure that each transaction is what they authorized.”

“Consumers need to be vigilant and closely monitor the transactions being made with their cards to ensure that each transaction is what they authorized.”

In March 2018, hackers gained access to Brinker’s network and installed malware on Chili’s point-of-sale (POS) systems. The malware allowed the hackers to steal the payment information of Chili’s customers.

Approximately two months after the breach, Brinker acknowledged that customers who used payment cards for transactions at certain corporate-owned Chili’s restaurants from March through April 2018 had their customer data stolen, including credit or debit card numbers and cardholder names.

As a result of the data breach, the plaintiffs were the victims of fraudulent credit card charges, the lawsuit alleges. Unfortunately, these may not be the only repercussions from their payment information being compromised. Data breach victims are also at an increased risk of becoming victims of identity theft and fraud months or even years after their information was stolen.

Brinker, Chili’s Ignored Industry Data Breach Warning Signs

“Their approach to maintaining the privacy and security of Customer Data was lackadaisical, cavalier, reckless, or at the very least, negligent.”

POS systems are on-site devices, much like an electronic cash register, which manage consumer transactions. After a payment card is swiped, very briefly the card’s data is stored within the system’s memory. Hackers often install malware to capture this information.

P.F. Chang’s, Arby’s, Chipotle, and Wendy’s have all suffered from data breaches involving their POS systems. Despite industry warnings that arose from these highly publicized data breaches, the lawsuit alleges that Brinker failed to act in order to prevent a similar incident from affecting their customers.

The complaint states, “Brinker’s approach to maintaining the privacy and security of the Customer Data of Plaintiffs and Class members was lackadaisical, cavalier, reckless, or at the very least, negligent.”

The lawsuit claims multiple damages, including the theft of plaintiffs’ personal and financial information, future injury as a result of identity theft and potential fraud, and untimely and inadequate notification of the data breach.

Brinker Will Face Nation’s Top Data Breach Attorneys

Data breaches are an all too common occurrence, but that doesn’t mean corporations should get away with their negligence and failure to protect consumer data. Our attorneys fight on behalf of consumers to ensure that they don’t.

Just last week, attorneys John Yanchunis and Ryan McGee filed a lawsuit against SunTrust Bank over the potential data theft that compromised the private information of 1.5 million SunTrust customers. And in March, Yanchunis filed the first civil lawsuit in response to the unlawful mining of 87 million Facebook users’ private data by Cambridge Analytica. Yanchunis also currently holds leadership positions on the Equifax and Yahoo data breach cases.

If you suspect your personal data has been compromised, learn more about data breach lawsuits and how to join them.

Here’s How to Turn On Two-Factor Authentication

Bob Sullivan is an award-winning journalist and the author of four books, including two New York Times bestsellers. He is now a syndicated columnist, frequent TV guest, and co-host of the podcast Breach, which examines history’s biggest hacking stories. Read more of Bob’s stories at

By now you’ve heard that Twitter has suggested to all users that they change their passwords. I’m here to tell you that you can do more to make yourself much safer with very little effort.

Now is a good time to turn on two-factor authentication at Twitter—and at Facebook, and Gmail, and Amazon, and anywhere else you can. A tiny percentage of consumers have done so—a Google engineer let slip recently that 90 percent of Gmail users don’t use two-factor—and that’s a mistake. It only takes a moment, and while it’s not foolproof, it is considerably safer.

Ninety percent of Gmail users don’t use two-factor authentication.

Good on Twitter, which sent out its provocative warnings yesterday after it discovered a bad password storage process. Some users’ passwords were theoretically viewable in plain text to employees or others on Twitter’s internal networks, though the firm says it has no reason to believe that actually occurred. Still, the familiar call went out to all users suggesting they change their passwords. For the vast majority of you, that means doing something fairly unhelpful like adding an exclamation point to your old password, or switching from one dog’s name to another.

That’s not great, but let’s face it: The average consumer needs to remember 150 passwords. No one can do that. So you reuse passwords. Of course you do. If that’s you, you might consider using a password manager, but they’re not for everyone.

Two-factor authentication, on the other hand, is for (almost) everyone, and you should turn it on now.

For those of you who’ve heard of two-factor—and that’s less than the half the U.S. population — but haven’t bothered to set it up yet, today’s the day. If you haven’t heard of it, well, today’s the day for you, too. You have to work on your Twitter security settings anyway.

What is two-factor authentication?

In general, two-factor authentication means you must tell a website something you know (a password) and prove there’s something you have (usually, your smartphone) before you gain access. This can become a problem for those of us (I mean me) who have an old smartphone with bad battery life. But that’s the price of security.

There are many flavors of two-factor, and not all are created equal. The most rudimentary involves a site sending you a text message with a one-time code you then use to log in. This is better than nothing, but hackers have figured out how to intercept such messages.

Two-factor authentication adds another serious speed bump to someone trying to log into your account.

So a better setup involves a code generator that lives on your smartphone, like Google’s Authenticator app. Users who log in open the app and enter a temporary code that’s only good for about 30 seconds. You can see why a dead cell phone would be a problem, right?

Even using this format, the steps vary slightly. You might need multiple codes to log in to multiple sites. Facebook generates such codes within the app itself. Google’s implementation works really well on Android. A Gmail login simply prompts a pop-up on the phone that asks, “Is this you?”

Again, two-factor isn’t foolproof. But it does add another serious speed bump to someone logging into your account, perhaps akin to the Club steering wheel lock that was once popular as an anti-theft device. One lesson from that era you should borrow: No one wanted to be the only car on the street without a Club. So as two-factor gets turned on, consumers who don’t bother will become bigger targets. Hackers will focus harder on their less-protected accounts. So don’t be that person.

Here are links to common two-factor instructions:

Rene Rocha Appointed to Dicamba Executive Committee

Yesterday, U.S. District Judge Stephen N. Limbaugh Jr. named Morgan & Morgan attorney Rene Rocha to the Plaintiffs’ Executive Committee in the lawsuit filed over dicamba crop damage. Mr. Rocha filed the lawsuit against dicamba manufacturers on behalf of farmers who allege their crops were harmed by the herbicide.

Read the Order

On February 1, this and similar lawsuits were consolidated into a multidistrict litigation, or MDL, to be tried in the Eastern District of Missouri.

Dicamba is a divisive herbicide that was previously deemed too volatile for use, as it was prone to drift onto neighboring farms. Then the U.S. Food and Drug Administration (FDA) approved newer formulations of dicamba that manufacturers like Monsanto say are more stable than previous versions.

But from last spring through the fall, thousands of complaints flooded agriculture boards in more than 20 states. The hardest-hit were those that produce the most soybeans, like Arkansas, Illinois, Missouri, Iowa, Minnesota, Nebraska, Ohio, Kansas, and the Dakotas.

Several states—including Missouri, Arkansas, and North Dakota—enacted restrictions on dicamba use. Arkansas went so far as to ban the herbicide outright for the 2018 growing season—a decision Monsanto challenged in court, unsuccessfully.

Now Mr. Rocha will help shepherd these lawsuits to trial, a leader in the fight to hold dicamba manufacturers accountable for allegedly threatening farmers’ livelihoods.

What Is a Plaintiffs’ Executive Committee?

A layperson may be unfamiliar with the role of a plaintiffs’ executive committee. According to Judge Limbaugh’s order, the duties of the committee include the following:

  • Determine and present to the court and opposing parties the position of the plaintiffs on all matters arising during the proceedings;
  • Initiate, coordinate, and conduct all discovery on behalf of plaintiffs;
  • Make all work assignments on behalf of plaintiffs to promote the orderly and efficient conduct of this litigation;
  • Direct and execute on behalf of plaintiffs the filing of pleadings and other documents with the Court;
  • Negotiate and enter into stipulations and agreements with opposing counsel as necessary throughout the litigation;
  • Consult and employ experts as necessary;
  • Conduct settlement negotiations on behalf of plaintiffs.

In short, the plaintiffs’ executive committee will help direct this complex litigation by making important decisions and delegating work amongst themselves and the other attorneys. Their job is to ensure that the plaintiffs are well represented and that the case moves forward in a timely and efficient manner.

Mr. Rocha and the other committee members will operate under the direction of executive committee chair Don M. Downing of Gray, Ritter & Graham, P.C.

Bayer-Monsanto Merger Worries Farmers

The dicamba MDL is moving forward against the backdrop of an increasingly likely Bayer-Monsanto mega-merger—a union that makes many farmers nervous. With less competition for seeds, herbicides, and other supplies, prices could soar. Less competition could also mean less diversity in seed and chemical choices.

Less competition could mean less diversity in seed and chemical choices.

The Bayer-Monsanto “marriage made in hell” could restrict the range of seeds and pesticides to which farmers have access. It could also increase reliance on herbicides and herbicide-resistant seeds.

Monsanto’s Roundup Ready crops were supposed to decrease herbicide usage because farmers could replace a cocktail of herbicides with glyphosate and avoid tilling farmland to kill weeds, thus reducing runoff. But glyphosate-resistant “superweeds” have sprung up, which necessitate higher doses of glyphosate and other herbicides.

Conveniently, Monsanto has solutions to the superweed problem at the ready, including new or reformulated herbicides—such as dicamba.

If you or a loved one suffered crop losses because dicamba volatilized and moved onto your property from a neighboring farm, contact us today for a free consultation.

Facebook Sued Over Cambridge Analytica Data Mine

***NOTE: The case we filed will seek the certification of a class to include all 87 million users whose information was taken. As such, at this time there is no need to join the lawsuit, as we intend for all impacted users to be automatically enrolled.***

Morgan & Morgan attorney John Yanchunis has filed the first civil lawsuit in response to the unlawful mining of 87 million Facebook users’ private data by Cambridge Analytica. Mr. Yanchunis filed the complaint in the Northern District of California on behalf of Facebook user Lauren Price and all others similarly situated.

“The recent disclosure of the violation of the privacy rights of 87 million consumers who use and trusted Facebook represents yet another troubling example of a company’s failure to maintain the security of information consumers provided,” Mr. Yanchunis said.

Read the Complaint

“Even more alarming is the fact that Facebook executives knew several years ago that these violations occurred and chose to keep silent about it.”

In an online statement last Friday, Facebook announced that it had suspended Cambridge Analytica, a data-centric political consulting firm, after learning that it had failed to delete massive amounts of user data the company had obtained in violation of the social network’s privacy policies.

Among other clients, Cambridge Analytica worked with Donald Trump’s 2016 presidential campaign and allegedly used this unlawfully gained data to target Facebook users with campaign ads.

Mr. Yanchunis told Reuters, “Our client [Ms. Price] saw a tremendous uptick in political messaging during the campaign on her Facebook page, which she had never seen. She had a glimmer of understanding at the time, but now sees there was an attempt to influence her vote.”

On March 27, 2018, he filed a second lawsuit against Facebook for its allegedly improper collection of call and text histories from Android cell phone users who installed Facebook’s mobile application.

Facebook Disputes That Data Breach Occurred

While many have dubbed this violation one of the largest data breaches in history, Facebook is adamant that there was no security breach or hack and therefore the term does not apply. Regardless, 87 million users’ data wound up in the wrong hands, and Cambridge Analytica seemingly reaped enormous profits from this harvest.

The complaint filed today alleges that Facebook either knew about the data aggregation or “actively avoided discovering such knowledge in order to profess supposed ignorance.”

The complaint reads, “Plaintiff brings this suit to protect her privacy interests and those of the class,” which will likely consist of all 87 million impacted users (except for those who opt out). It seeks to prevent further “negligent, deceptive, unfair and unlawful business practices” from the defendants, Facebook and Cambridge Analytica.

Mr. Yanchunis said, “The filing of this lawsuit is a necessary step to secure and protect consumers’ private information, and to seek compensation for the companies’ bad acts.”

Yanchunis Is America’s Top Data Breach Attorney

Unfortunately for the defendants, this is not John Yanchunis’ first major data breach lawsuit. He is Lead Plaintiffs’ Counsel on the largest class action lawsuit in history—regarding the Yahoo data breach that allegedly compromised the data of three billion people around the world.

Moreover, last month U.S. District Judge Thomas W. Thrash named Mr. Yanchunis to the Plaintiffs’ Steering Committee in the Equifax data breach case. Mr. Yanchunis filed that lawsuit (now part of a multidistrict litigation) after unauthorized users accessed the private data of 145 million Americans, whose credit Equifax monitors.

Mr. Yanchunis has also represented consumers in the Home Depot and Target data breach lawsuits, which settled for $13 million and $10 million, respectively.

In short, he is perhaps the most accomplished—and feared—data breach attorney in America. And he sounds confident, telling Reuters that Facebook “leaves a footprint of what was taken that cannot be erased.”

Optically, at least, it doesn’t help matters that Facebook CEO Mark Zuckerberg sold 5.4 million shares in the company in the two and a half months leading up to the Cambridge Analytica announcement. By doing so, Mr. Zuckerberg allegedly saved around $70 million, as Facebook’s shares tanked after the Cambridge revelation.

This calls to mind the Equifax breach. Equifax’s former Chief Information Officer, Jun Ying, allegedly sold nearly 7,000 shares in the company after learning of its data breach (but before Equifax announced it). As a result, the Securities and Exchange Commission has charged him with insider trading.

What to Do About an Inaccurate Credit Report

If you’ve ever found a mistake on your credit report, you’re not alone. Of the 250 million Americans with credit reports, about 20 percent have inaccuracies on their reports. That’s approximately 50 million people.

Of these 50 million, consumer protection attorney Tav Gomez estimates that around 11 million have serious mistakes that may qualify them for legal action under the Fair Credit Reporting Act (FCRA).

Mr. Gomez says, “Consumers have rights under the FCRA to ensure the information in their reports is accurate and complete. The reporting agencies need to be held accountable when they fail to correct inaccurate information.”

Around 50 million people have mistakes on their credit reports.

An erroneous credit report can cost someone a job, a loan, housing, or credit. Although consumers can dispute their credit reports—and/or fraudulent credit card applications and charges—bureaus have very little incentive to take them seriously. On average, Mr. Gomez says, a bureau spends just three minutes reviewing—and usually rejecting—each dispute and validating the information.

When a consumer tries repeatedly to get credit bureaus to correct a significant mistake, and the bureaus fail to do so, that consumer may want to file an FCRA lawsuit. A lawsuit may force the bureaus to correct the report. The plaintiff could also receive compensation for lost wages, loan denials, and other actual damages.

What Is the FCRA?

The U.S. Congress passed the Fair Credit Reporting Act in 1970 to “promote the accuracy, fairness, and privacy of information in the files of consumer reporting agencies.” The Federal Trade Commission (FTC) enforces the act, along with the Consumer Financial Protection Bureau (CFPB). The FCRA ensures the following rights:

  • You must be told if information in your file has been used against you.
  • You have the right to know what is in your file.
  • You have the right to ask for a credit score.
  • You have the right to dispute incomplete or inaccurate information.
  • Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information.
  • Consumer reporting agencies may not report outdated negative information.
  • Access to your file is limited to people with a valid need for access.
  • You must give consent for reports to be provided to employers.
  • You may limit “prescreened” offers of credit and insurance you get based on information in your credit report.
  • You may seek damages from violators.
  • Identity theft victims and active duty military personnel have additional rights.

The rights above make the consumer sound quite powerful, but reality tells a different story. The three major credit bureaus—Equifax, Experian, and TransUnion—still hold most of the cards.

A person can be denied a job or a home because of something they didn’t even do.

For example, employers often fail to tell prospective employees if they run a credit or background check, see something they don’t like, and therefore deny the applicant a job. In many cases, these failed background checks occur because of an alleged or expunged crime—something that should not be on someone’s record.

In other words, a person can be denied a job or a home because of something they didn’t even do. And if the company fails to tell them that the information in their file was used against them prior to the employer taking an adverse action, that itself is a violation of the FCRA.

Cases of identity theft can be just as frustrating.

A Broken System with No Fix in Sight

When someone disputes his or her credit report—even in legitimate cases of identity theft, which can quickly sink a person’s score—the bureau is required to do a reasonable investigation but they simply contact the creditor or debt collector to verify the reported information.

For example, let’s say your information was accessed in the Yahoo data breach, and someone then used it to open several credit cards in your name and run up a litany of charges. Your credit score plummeted, and you disputed the report on the grounds that your identity was stolen and you weren’t responsible for all those new cards and charges.

The credit bureaus should check with the credit card companies and verify, “Did you actually open these accounts and make these charges?” If the credit card companies said yes (they most likely would), that would be the end of it, and you would be out of luck.  You would receive a communication verifying the debt with little efforts from the credit bureaus.

“Credit bureaus have little economic incentive to conduct proper disputes or improve their investigations.”

It’s a broken system that has inspired one memorable “Last Week Tonight” segment and drawn criticism from the bipartisan Senate Banking Committee.

At a meeting last fall, Sen. John Kennedy (R – LA) said, “The bureaus have no obligation or interest right now to work with me to try and get the credit score correct.”

Sen. Sherrod Brown (D – OH) said, “We know the credit bureaus have a long history of consumer complaints and inaccurate reporting that has long term effects on people’s ability to get a job or a house.”

The National Consumer Law Center states, “Credit bureaus have little economic incentive to conduct proper disputes or improve their investigations.”

This is a huge problem that impacts tens of millions of people. In light of the quotes above, Congress should be trying to strengthen the CFPB—the agency meant to regulate and combat exactly these kinds of injustices.

But the new head of the CFPB, Mick Mulvaney, has instead slashed its budget and vowed to rein in what he views as excessive enforcement on the agency’s part. For the time being, it looks like consumers are on their own.

What Can I Do About an Inaccurate Credit Report?

To make sure your credit report is fair and accurate, do the following:

  1. Request free annual credit reports from each of the three major bureaus via
  2. Look for inconsistencies, discrepancies, duplicate reporting and errors. E.g., one bureau’s report may differ significantly from the other two. This suggests that bureau has made a mistake.
  3. Contact the bureau(s) to dispute any errors you find, and/or any strikes on your credit that occurred as a result of identity theft or fraud. Make sure to keep copies of the dispute communications and the results from the agencies.
  4. If or when the bureau fails to correct the report, contact an attorney to learn your rights under the FCRA.

Mr. Gomez says, “A good credit history is a huge asset for consumers. Information contained in a consumer’s reporting file affects their access to mortgages, car loans, credit cards, utility services, residential leases, employment and insurance.”

If you were denied housing, employment, or credit because of a mistake on your credit or consumer report—or if you were the victim of identity theft that impacted your credit score—you could be owed money for damages. Contact us for a free legal consultation.

Received an Email from the “IRS”? It’s a Scam

If you haven’t filed your taxes yet, you should do them as soon as possible—before someone else does.

The Internal Revenue Service (IRS) warns that tax refund fraud schemes have grown increasingly common in recent years. Criminals gain access to consumers’ private data, then use that information to file false tax returns and try to acquire the resulting refunds.

Tax refund fraud has grown increasingly common in recent years.

When the victim of this identity theft receives his or her (fraudulent) refund, the criminal contacts them, impersonates the IRS, says the refund is a mistake, and demands that they transfer the money to a different account.

Russell Schrader, head of the National Cyber Security Alliance, tells The New York Times, “It signifies the ingenuity of the fraudsters out there.”

In 2016, tax refund fraud accounted for an estimated $21 billion in false refunds—more than three times as much as in 2013.

The uptick in this type of fraud creates serious problems for businesses as well as individuals.

Businesses Suffer Phishing Scams, Data Breaches

To carry out tax refund fraud, criminals need a person’s name, birthdate, and Social Security Number. How do they acquire this information? Through phishing scams. The FBI states:

The most popular method remains impersonating an executive, either through a compromised or spoofed email in order to obtain W-2 information from a Human Resource (HR) professional within the same organization.

It’s obvious why this would be the most popular method: instead of having to acquire individuals’ data one by one, emailing an employee of a company’s human resource department allows criminals (if successful) to scoop up dozens or even hundreds of consumers’ data all at once.

To protect employees’ information, the FBI recommends that companies limit the number of people who can handle W-2 requests, require dual approval for wire transfer requests, and verbally confirm requests via phone calls to known contacts.

For individuals whose data was accessed—leading to identity theft and/or tax refund fraud—the best course of action may be a lawsuit.

Cyber criminals also obtain social security numbers in high volume by infiltrating companies that store personal identification information (PII) such as social security information. This form of theft and exposure of PII has become known as a data breach. It typically occurs due to lax cyber security measures on the part of the company that has sustained a breach.

For individual employees whose data was accessed in this manner—leading to identity theft and/or tax refund fraud—the best course of action may be to file a data breach lawsuit.

If you have fallen victim to identity thieves, contact us for a free consultation. You could be owed money for damages.

IRS Doesn’t Email People or Threaten Police Action

If you receive an email or phone call from someone claiming to be from the IRS, they are almost definitely lying. As a general rule, the IRS does not email or call people. The vast majority of the time, the IRS sends letters via the U.S. Postal Service.

The IRS also emphasizes the following:

  • They will not demand “immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer.”
  • They will always give you the opportunity to question or appeal how much you owe.
  • They will not threaten to “bring in local police, immigration officers or other law-enforcement to have you arrested for not paying.”
  • The IRS does not have the authority to take away your immigration status or driver’s license.
  • In the rare event of a home visit, IRS agents will always show two forms of official credentials.

In short, if someone is trying to bully or coerce you into swift payment with a specific kind of card, he or she most likely is a scammer.

Report phishing scams to, file an identity theft complaint at the Federal Trade Commission site, and contact an attorney if you experienced financial or reputational damage because of a data breach.

How to Tell If a Company Is Taking Your Private Data Seriously

By following these protective measures, you can reduce the risk that you’ll end up victimized by a company with sloppy security—and the criminals that prey upon them.

Data breaches and malicious hacks unfortunately are a common occurrence. Every year, more companies admit that they’ve fallen victim to a hack or security breach. Their customers end up dealing with the fallout, including identity theft and long-term financial consequences.

The average U.S. internet user had over 150 different online accounts in 2017; each of those accounts required a password and other login details.

The problem is that no one can remember 150 different passwords—and most people reuse their passwords or forget them, which leads to the consumer having to request login details sent to their email. Over the last few years, email providers like Yahoo have been breached as well, leaving login details for many different accounts wide open for exploiting.

With such a dismal outlook, how can you know that a company is going to protect your information? Thankfully there are several actions you can take to help protect yourself.

Operate on a Need-to-Know Basis

Companies use your data as currency.

We’ve all done it—filled out an online form without really thinking about what we’re giving away or why the form is requesting it. But each time you hand over your email address, date of birth, or any other detail about yourself, you’re giving the company on the other end information they may not even need—and may not manage appropriately.

In many cases, companies use your data as currency. They’ll offer something for “free,” such as a guide to something, premium access, or some tangible object you might be interested in. All you need to do is enter your email, or name, or address, or other personal information. You get what you signed up for, but now that the company has that information, they’re free to do as they wish with it—and chances are you didn’t read their privacy policy to see what that includes.

The single easiest thing you can do to ensure that a company protects your information is not to give it to them unless they actually, absolutely need it. Next time you put your personal details into a web form, or sign up for a new account online, think about each piece of information. Is it something they need? If you know that they don’t need it, consider leaving it out. If it’s mandatory, you may want to reconsider whether you really need what the company is offering.

Check for Past Data Breaches and Security Problems

Another way you can check up on companies is by putting your email address into the search bar at This will tell you if your information has already been compromised, and by whom.

The site, run by web security expert Troy Hunt, also maintains a list of companies whose data breaches have been added to their list. This gives readers an idea of which companies have already been caught failing to protect their users’ accounts.

If you see a company on this list, you may want to think twice before opening an account with them.

Read and Ask Questions About the Privacy Policy

The privacy policy outlines how companies will use your data—and whether they will sell it to a third party for marketing purposes.

This can end up being more difficult than it sounds. The average privacy policy, according to researchers at Carnegie Mellon, is 2500 words—a ten-minute read. What’s more, they’re written entirely in legalese, so they’re not the easiest to understand.

While many people think that the existence of a privacy policy means that a company protects your private information, that’s not the case. It actually means that the company has outlined how it will use your data—and that could even include selling it to a third party for marketing purposes.

When you are looking at signing up for an account or purchasing something, take the time to go through the privacy policy. Ask questions if you need to, including whether the company will be building a profile and what that profile will be used for.

Rather than wade through the legal language, you can use the search tool in your browser to find words like “marketing,” “waive,” or “opt-out.” Those terms can point to the parts that could have the biggest effect on your decision to buy from or deal with that company.

You Can’t Put a Price on Peace of Mind

Taking these extra steps can add a bit of time to your online dealings; you might wind up having to postpone a purchase. But the potential risks of identity theft, spam, telemarketers, and more are well worth the extra effort.

Not every company goes the extra mile to protect its customers’ information. Sadly, some companies don’t even do the bare minimum. But with the protective measures outlined above, you can reduce the risk that you’ll end up victimized by a company with sloppy security—and the criminals that prey upon them.

Bill Hess founded, a blog that wants to make the world of online security accessible to everyone. Visit the site if you’re interested in keeping your private information private.

John Yanchunis Named to Equifax Steering Committee

U.S. District Judge Thomas W. Thrash has named Morgan & Morgan attorney John Yanchunis to the Plaintiffs’ Steering Committee in the Equifax data breach lawsuit. Yanchunis filed the lawsuit—now part of a multidistrict litigation (MDL)—after unauthorized users accessed the private data of 145 million Americans.

Read the Order

Last fall, Equifax announced that a breach had compromised the personal information of tens of millions of consumers from mid-May through July 2017. The company knew about the breach for more than a month before coming clean to the public.

The Equifax breach impacted 145 million consumers.

As of this writing, the Equifax breach is the fourth largest data breach of all time. The largest ever—the Yahoo breach of 2013-2014—impacted roughly three billion users.

John Yanchunis is Lead Counsel on that case, which is the biggest class action lawsuit in history. He has also represented consumers in the Home Depot and Target data breach lawsuits, which settled for $13 million and $10 million, respectively.

What Does a Plaintiffs’ Steering Committee Do?

Though the term Lead Counsel seems self-explanatory, a layperson may be less familiar with the role of a steering committee. According to Judge Thrash’s order,

The Steering Committees shall meet and confer as needed regarding the completion of the Plaintiffs’ pretrial and trial activities. The Steering Committees may establish subcommittees to aid in the effective and efficient conduct of this litigation. The Steering Committees shall participate in the determination of any significant matters that arise in the litigation.

In short, the steering committee will help direct this complex litigation by making important decisions and delegating work amongst themselves and the other attorneys. Their job is to ensure that the plaintiffs are well represented and that the case moves forward in a timely and efficient manner.

Though one might expect that the Plaintiffs’ Steering Committee for a lawsuit filed on behalf of 145 million people might include dozens of attorneys, there are just seven on the Equifax committee. That makes the honor—and the scope of responsibilities—that much greater.

Equifax Breach Even Worse Than Initially Thought

Last September, Equifax announced that a breach had compromised the names, Social Security numbers, birthdates, addresses, and driver’s license numbers of consumers from mid-May through July 2017. Equifax also admitted that credit card numbers for approximately 209,000 U.S. consumers were accessed.

But just last Friday, the Wall Street Journal reported that the breach was even more impactful than it initially appeared to be. In addition to the data above, hackers allegedly gained access to tax ID numbers, email addresses, and “driver’s license information beyond the license numbers.”

The number of affected consumers (145 million) seems to remain unchanged. But the breadth of the breach has grown, meaning those affected are more vulnerable than they even realized.

In the wake of the Equifax breach, many experts suggested that consumers freeze their credit to protect against identity theft. In a recent post for, attorney Marisa Glassman also advocated monitoring credit reports and filing one’s taxes as soon as possible in order to prevent fraudulent returns.

Equifax learned of the breach in late July 2017 and sat on the news for about five weeks before informing consumers that their data were at risk.

In the meantime, many shareholders sold their stock in the company.