
Exposing Private Information

Costco Photo Services

PNI Digital Media, ULC has agreed to settle a class action concerning a data breach that took place between June 2014 and July 2015, which allowed access to customer payment card data and other information. The class action alleged that PNI violated Georgia’s data breach laws and that it was guilty of negligence, among other things. 

Data Protection

On August 7, 2017, news broke that the HighPoint Solutions Human Resource Director, Christine Cushman, had stolen nearly a million dollars from the company, over a period of two years, by using others’ PII (private individual information) that the company had on file. According to the complaint, Cushman had made forty-five false payroll payments, purportedly to subcontractors, but was in actuality depositing the payments into her own account. The complaint alleges that HighPoint breached its duty to properly safeguard PII, failed to put in place proper internal controls and supervisory systems to monitor Cushman, and failed to follow appropriate industry practices for PII storage and protection, among other things. It also claims that HighPoint bears responsibility for Cushman’s actions through the principle of Respondeat Superior.

Neiman Marcus store

The Neiman Marcus Group is settling a class action alleging that it was negligent and otherwise in violation of its duties in the case of a recent data breach. In January 2014, the company announced that it had experienced a data breach that exposed payment card information of customers who had made purchases at several of its stores.

Tempurpedic Bed

Tempur Sealy sells its products to consumers through the Tempurpedic.com website. Until October 2016, its website and online payment system were handled through Aptos, a company that provides what the complaint calls “retail enterprise management solutions,” such as point of sale, analytics, and order management. According to the complaint, in February 2016, someone breached Aptos’s systems and installed malware to capture payment card and other information for forty online retailers, including Tempur Sealy. The complaint claims that not only should the information not have been obtainable, but that Aptos and Tempur Sealy were both remiss in not informing customers immediately.

Deep Root Analytics

According to the complaint, Deep Root collected PII on nearly 200 million Americans, including their names, addresses, e-mail addresses, dates of birth, browsing history, and voter ID numbers. The information allegedly included sensitive information analyzing where voters stood on controversial issues such as gun control and abortion, as well as information the RNC had had collected by other data analytics contractors from the 2008 and 2012 elections.

Chipotle meal

The complaint for this class action alleges that when hackers accessed the point-of-sale systems at Chipotle locations throughout the US, customers and victims didn’t hear anything about the data theft for a month.

This settlement is for a consolidated case of class actions against Yapstone Holdings, Inc., a payment service provider. Certain of Yapstone’s users may have had their personally identifiable information (PII) exposed through unprotected URLs between July 15, 2014 and August 5, 2015.

UPC

The plaintiffs in this lawsuit allege that customers’ insurance declaration and evidence of insurance pages were available on the Lender Verification Portal without sufficient security procedures in place. These documents contain sensitive customer information.

Quest Diagnostics

This class action lawsuit claims that Quest Diagnostics failed to safeguard its clients’ Protected Health Information, including laboratory test results and Personal Identifying Information (PII), and that Quest Diagnostics failed to provide timely, accurate, and adequate notice to its clients that their private information had been stolen. PII includes names, dates of birth, and phone numbers.

The plaintiffs in this lawsuit allege that TalentBin was a “consumer reporting agency” preparing “consumer reports” under the Fair Credit Reporting Act (“FCRA”) when it gathered information from various online sources regarding job seekers and then compiled that information into “candidate profiles” for sale to potential employers and recruiters.
