Skip to content Skip to navigation

Exposing Private Information

Tempurpedic Bed

Tempur Sealy sells its products to consumers through the Tempurpedic.com website. Until October 2016, its website and online payment system was handled through Aptos, a company that provides what the complaint calls “retail enterprise management solutions,” such as point of sale, analytics, and order management. According to the complaint, in February 2016, someone breached Aptos’s systems and installed malware to capture payment card and other information for forty online retailers, including Tempur Sealy. The complaint claims that not only should the information not have been obtainable, but that Aptos and Tempur Sealy were both remiss in not informing customers immediately.

Deep Root Analytics

According to the complaint, Deep Root collected PII on nearly 200 million Americans, including their names, addresses, e-mail addresses, dates of birth, browsing history, and voter ID numbers. The information allegedly included sensitive information analyzing where voters stood on controversial issues such as gun control and abortion, as well as information the RNC had had collected by other data analytics contractors from the 2008 and 2012 elections.

Chipotle meal

The complaint for this class action alleges when hackers accessed the point-of-sale systems at Chipotle locations throughout the US,  customers and victims didn’t hear anything about the data theft for a month.

This settlement is for a consolidated case of class actions against Yapstone Holdings, Inc., a payment service provider. Certain of Yapstone’s users may have had their personally identifiable information (PII) exposed by unprotected URLs exposed between July 15, 2014 and August 5, 2015.

image of UPC logo

The plaintiffs in this lawsuit allege that customers’ insurance declaration and evidence of insurance pages were available on the Lender Verification Portal without sufficient security procedures in place.  These documents contain sensitive customer information.

image of quest diagnostics logo

This class action lawsuit claims that Quest Diagnostics failed to safeguard its clients’ Protected Health Information including laboratory test results and Personal Identifying Information (PII), and that Quest Diagnostics failed to provide timely, accurate, and adequate notice to its clients that their private information had been stolen.  PII includes names, dates of birth, and phone numbers.

The plaintiffs in this lawsuit allege that TalentBin was a “consumer reporting agency” preparing “consumer reports” under the Fair Credit Reporting Act (“FCRA”) when it gathered information from various online sources regarding job seekers and then compiled that information into “candidate profiles” for sale to potential employers and recruiters.

The plaintiffs in this class action lawsuit allege that Head Mercantile Co. sent their employers facsimile communications regarding their own debt.  This act caused plaintiffs severe stress, harassment, humiliation, and embarrassment in the workplace

image of a MAPCO station

The plaintiffs in this lawsuit allege that MAPCO was negligent in failing to prevent the May 2013 data breach and therefore violated the law.

image of st josephs logo

The plaintiffs in this lawsuit allege that St. Joseph Health Systems violated certain confidentiality laws by having confidential medical information of approximately 32,000 patients available online between February 2011 and February 2012.

Pages