Exposing Private Information
This is the second class, after one filed in the previous week, about the massive data exposure involving one of the most widely-used title insurance and real estate closing companies. The complaint alleges that First American Financial Corporation and First American Title Company allowed some 885 million documents to be available on its website with no password or authentication required. (First American Title is a subsidiary of First American Financial Corporation.)
Quest Diagnostics Incorporated is one of the leading medical laboratory services company in the country. But it subcontracted collection work to a company called Optum360, LLC, which in turn subcontracted work to Retrieval-Masters Creditors Bureau, Inc. (RMCB). The result? The personal information of Quest customers was exposed in a data breach at a company they had never given their information to.
In 2017, Washington State University (WSU) found that a hard drive with a backup of its Social & Economic Sciences Research Center server had been stolen from a self-storage. WSU is now settling a class action stemming from that theft. The complaint alleged that WSU had not adequately protected the information which included personal data for over a million individuals.
What would you think of a pharmacy that suggested your doctor to prescribe a medication for you—without even speaking to you about it first? That’s what this complaint claims CVS Pharmacy, Inc. and two associated companies have done in order to increase their sales.
Should companies delete the private information of customers after a certain period? The complaint for this class action says that First American Financial Corporation (FAFC) “expressly promises it will maintain appropriate facilities and systems to protect against unauthorized access to” its customers’ information. Still, it suffered a breach that exposed “approximately 885 million records” relating to sixteen years of mortgage transactions.
You can’t put toothpaste back in the tube. Data breaches are costly to victims because they have no way of taking back their information and must do many things to change card and account information and monitor their credit reports, tax filings, and medical bills for years afterwards. This class action alleges that ABB, Inc. and Baldor Electric Company, known as ABB Motors and Mechanical, Inc., did not take adequate measures to protect employee data.
When data breaches happen, it’s important that companies discover them promptly, put an end to them promptly, and just as promptly let customers know. This data breach class action, against Starwood Hotels & Resorts and its parent company, Marriott International, Inc., claims that hackers had access to customer data for four years and that the companies waited for more than two months before publicizing the breach when they discovered it.
Data breaches are bad enough. But when a company does not promptly tell customers that their information has been exposed, people get angry. The complaint for this class action alleges that Five Below, Inc. suffered a data breach and waited for a month before telling its customers.
On July 17, 2015, the Regents of the University of California revealed that UCLA Health had suffered a cyber intrusion, although it is unclear whether the attackers accessed or removed information in the network. The resulting class action, which alleged that cybersecurity was inadequate, is being resolved by this settlement.
Taconic Biosciences, Inc. is settling a class action concerning a data breach that occurred around the end of January 2017. The complaint alleged that the company was negligent, among other things, and that that led to the exposure of employee W-2 information.