Exposing Private Information
What would you think of a pharmacy that suggested your doctor to prescribe a medication for you—without even speaking to you about it first? That’s what this complaint claims CVS Pharmacy, Inc. and two associated companies have done in order to increase their sales.
Should companies delete the private information of customers after a certain period? The complaint for this class action says that First American Financial Corporation (FAFC) “expressly promises it will maintain appropriate facilities and systems to protect against unauthorized access to” its customers’ information. Still, it suffered a breach that exposed “approximately 885 million records” relating to sixteen years of mortgage transactions.
You can’t put toothpaste back in the tube. Data breaches are costly to victims because they have no way of taking back their information and must do many things to change card and account information and monitor their credit reports, tax filings, and medical bills for years afterwards. This class action alleges that ABB, Inc. and Baldor Electric Company, known as ABB Motors and Mechanical, Inc., did not take adequate measures to protect employee data.
When data breaches happen, it’s important that companies discover them promptly, put an end to them promptly, and just as promptly let customers know. This data breach class action, against Starwood Hotels & Resorts and its parent company, Marriott International, Inc., claims that hackers had access to customer data for four years and that the companies waited for more than two months before publicizing the breach when they discovered it.
Data breaches are bad enough. But when a company does not promptly tell customers that their information has been exposed, people get angry. The complaint for this class action alleges that Five Below, Inc. suffered a data breach and waited for a month before telling its customers.
On July 17, 2015, the Regents of the University of California revealed that UCLA Health had suffered a cyber intrusion, although it is unclear whether the attackers accessed or removed information in the network. The resulting class action, which alleged that cybersecurity was inadequate, is being resolved by this settlement.
Taconic Biosciences, Inc. is settling a class action concerning a data breach that occurred around the end of January 2017. The complaint alleged that the company was negligent, among other things, and that that led to the exposure of employee W-2 information.
Kimpton Hotel & Restaurant Group, LLC is settling a class action centering on a data breach that took place from February 16 to July 7, 2016. The attack installed malware on servers that processed payment cards, taking card numbers, expiration dates, and verification codes, and in some cases cardholder names as well.
This class action concerns Americans working in a Joint Defense Facility Pine Gap (JDFPG) in Alice Springs, Northern Territory, Australia. The complaint alleges that private tax information was illegally disclosed to their employers, and that the employees were later coerced into agreeing to disclosure of their tax information, to ensure that they were completing their returns as their employers wished.
Community Health Systems Professional Services Corporation (CHSPSC) is settling a suit consolidating a number of class actions about a data breach in its systems in April and June 2014. The breach is believed to have been perpetrated by an Advanced Persistent Threat group originating in China.