Exposing Private Information
Six plaintiffs bring this class action against Panera Bread Company for allegedly leaving their personal identifying information available in plain text. Customers were required to surrender this information when setting up the Panera Rewards or MyPanera accounts. Panera not properly safeguard this information, the complaint claims, and after it was informed of the problem, it ignored it for eight months. The counts in the complaint include violations of the Illinois Personal Information Protection Act and Consumer Fraud and Deceptive Business Practices Act as well as the tort of intrusion upon seclusion, breach of contract, negligence, and violation of the right of privacy.
This class action alleges that Facebook, Inc. allowed Cambridge Analystica, LLC (CA) to mine the data of some 50 million Facebook users, for the purpose of influencing voters in what the complaint calls “an unprecedented attack on democracy”—not to mention an unprecedentedly massive misuse of personal information. Facebook has admitted that most of its users have likely had their information scraped by outsiders, which the complaint claims is a violation of the Stored Communications Act, the Alabama Deceptive Trade Practices Act, and common law.
The Academy of Art University (AAU) was fooled by a spoofing scam in April 2016, sending out IRS wage and tax statements of roughly 3,000 current and former AAU employees to a stranger. The information sent included names, addresses, dates of birth, wages, and Social Security numbers.
When you discover that your company’s systems have been hacked, do you (a) announce it, investigate, and hope to punish those responsible, or (b) pay the hackers $100,000 to keep quiet about it? The complaint for this class action claims that Uber chose to bribe the criminals who stole customer and driver data. The complaint claims that Uber failed to safeguard customers’ and drivers’ information and is therefore guilty of negligence and breach of implied contract.
Lime Crime is setting aside funds to settle a class action involving a data breach that exposed the PII of customers who used their payment cards on its site between October 4, 2014 and February 15, 2015. Lime Crime has already sent potentially affected customers an incident notice and offered one year of complimentary identity protection and fraud resolution services.
Anthem announced in February 2015 that it had been the target of a data breach that exposed the personal information of roughly 79 million people.
Whole Foods is known as a high-end grocery retailer, but at some of its 470 stores it also offers taprooms and restaurants. The complaint for this class action alleges that its taprooms and restaurants were the subjects of a data breach in September 2017. According to the complaint, Whole Foods knew about the breach but did not immediately inform the public, so that when plaintiff Patricia Banus made a purchase at a taproom in Rocky River, Ohio, her information was entered into a system that the company knew was already compromised.
Sonic, the largest chain of drive-ins in the US, has become the latest popular company to experience a data breach and expose the information of countless customers’ personally identifying information (PII). The complaint for this class action alleges that Sonic failed to take adequate measures to protect its data systems, failed to stop the breach from happening, failed to monitor and detect the breach on a timely basis, and failed to inform customers promptly. It claims that Sonic is guilty of negligence as well as breaches of Florida and New Jersey state laws.
This class action on the Equifax data breach is being brought by Gulf Winds Federal Credit Union, on behalf of financial institutions that have suffered losses. According to the complaint, Gulf Winds has had to address Compromised Account Management System (CAMS) alerts about customer credit card accounts, and it has incurred expenses in cancelling and reissuing many of its credit cards and in monitoring affected credit cards. In addition, the complaint alleges, it has had to spend time talking to affected customers, adding to fraud oversight measures, working to prevent fraud on consumer accounts, and helping members reduce potential damages, and these measures will likely have to continue for years to come.
Sonic acknowledges that it experienced a data breach that exposed the PII, credit card numbers, and other information of approximately five million customers that could allow criminals to make fraudulent charges to their accounts. The complaint for this class action alleges that it was Sonic’s negligence that enabled the data breach. Other chains, such as Wendy’s and Chipotle, have experienced data breaches recently which the complaint alleges should have put Sonic on notice. However, the complaint alleges, the system Sonic was using was in fact thirty years old, and while the company was working to update it, some locations were still on the old system.