Exposing Private Information
This settlement resolves a class action that alleged that Sonic Corporation did not take adequate measures to prevent a data breach that occurred during 2017, exposing customer information.
A fund of $2 million is the result of a settlement between Arby’s Restaurant Group, Inc. and plaintiffs who filed a class action about an Arby’s data breach. The cyberattack targets certain corporate-owned Arby’s restaurants and exposed customer payment card information. The complaint alleges that Arby’s was responsible for the data breach.
Experian is putting aside $22 million to settle a class action regarding a data breach that took place in September 2015. The complaint alleged that Experian did not take adequate precautions to prevent the data breach, which exposed the personal information of approximately 15 million T-Mobile customers who applied for services or device financing through September 16, 2015.
FCH Enterprises, Inc. owns Zippy’s Restaurant, Napoleon’s Bakery, Kahala Sushi, Pearl City Sushi, and Pomaika’I Ballrooms, all in Hawaii. This class action alleged that FCH allowed a data breach that exposed credit and debit card information between November 23, 2017 and March 29, 2018.
The complaint for this class action alleges that Marriott International, Inc. failed to use industry-standard security measures and failed to encrypt sensitive personal information. It also claims that Marriott failed to notice the data breach for as long as four years.
Facebook, Inc. has again exposed the personal information of users, this time in a data breach announced on September 28, 2018. The complaint for this class action claims that the company’s “lax security practices” led to the breach, which exposed information pertaining to some thirty million Facebook users.
Wendy’s will pay more than $3 million to settle a class action alleging it was at fault when the point-of-sale systems at certain of its franchised restaurants were breached between 2015 and 2016. The malware used in the breach permitted the hackers to obtain customer payment card information.
GameStop Corporation has agreed to a settlement in a class action about a cyber attack on its computer systems that occurred sometime between August 10, 2016 and February 9, 2017.
The School Board of Manatee County, Florida has put aside $300,000 to settle a class action alleging that the Board was negligent and breached implied contracts when it allowed W-2 data to be disclosed in January 2017.
The release of personal information can lead to identity theft, but the law has also recognized that there are risks to consumers in the release of their medical information. The complaint for this class action claims that Children’s Mercy Hospital in Kansas City, Missouri did not take adequate steps to prevent access to the medical information of patients.