Exposing Private Information
The complaint for this class action alleges that Marriott International, Inc. failed to use industry-standard security measures and failed to encrypt sensitive personal information. It also claims that Marriott failed to notice the data breach for as long as four years.
Facebook, Inc. has again exposed the personal information of users, this time in a data breach announced on September 28, 2018. The complaint for this class action claims that the company’s “lax security practices” led to the breach, which exposed information pertaining to some thirty million Facebook users.
Wendy’s will pay more than $3 million to settle a class action alleging it was at fault when the point-of-sale systems at certain of its franchised restaurants were breached between 2015 and 2016. The malware used in the breach permitted the hackers to obtain customer payment card information.
GameStop Corporation has agreed to a settlement in a class action about a cyber attack on its computer systems that occurred sometime between August 10, 2016 and February 9, 2017.
The School Board of Manatee County, Florida has put aside $300,000 to settle a class action alleging that the Board was negligent and breached implied contracts when it allowed W-2 data to be disclosed in January 2017.
The release of personal information can lead to identity theft, but the law has also recognized that there are risks to consumers in the release of their medical information. The complaint for this class action claims that Children’s Mercy Hospital in Kansas City, Missouri did not take adequate steps to prevent access to the medical information of patients.
This settlement resolves a class action brought by current and former employees of TransPerfect Global, Inc., claiming that the company was the victim of a phishing attack sometime around January 17, 2017. This resulted in a data breach and the exposure of the data and payroll information of employees of the company and certain of its affiliates.
Data breaches have become serious hazards for companies who store information and for their employees and customers. It seems therefore all the more maddening when data breaches occur not because of sophisticated hacking techniques but because of gullibility to phishing, as the complaint for this class action charges in the case of the data breach at ABM Industries, Inc. Personal and biometric information was stolen, but the company did not inform employees until seven months after the breach was discovered.
The complaint for this class action claims that in the past five years, almost every major data breach at retail chain stores has involved malware on point of sale (POS) systems—yet retailers still do not take adequate precautions to vulnerable protect customer data. In this case, it was Saks & Company’s systems that were breached, and the issue is not only the breach but Saks’s failure to detect it or properly inform customers for nearly a year.
Aetna, Inc., Aetna Life Insurance Company, and Aetna Specialty Pharmacy, LLC have agreed to settle a class action that alleges two instances of potential breaches of privacy.