Failure to Inform Promptly of Data Breach
The complaint for this class action alleges that Marriott International, Inc. failed to use industry-standard security measures and failed to encrypt sensitive personal information. It also claims that Marriott failed to notice the data breach for as long as four years.
Data breaches have become serious hazards for companies who store information and for their employees and customers. It seems therefore all the more maddening when data breaches occur not because of sophisticated hacking techniques but because of gullibility to phishing, as the complaint for this class action charges in the case of the data breach at ABM Industries, Inc. Personal and biometric information was stolen, but the company did not inform employees until seven months after the breach was discovered.
The complaint for this class action claims that in the past five years, almost every major data breach at retail chain stores has involved malware on point of sale (POS) systems—yet retailers still do not take adequate precautions to vulnerable protect customer data. In this case, it was Saks & Company’s systems that were breached, and the issue is not only the breach but Saks’s failure to detect it or properly inform customers for nearly a year.
When you discover that your company’s systems have been hacked, do you (a) announce it, investigate, and hope to punish those responsible, or (b) pay the hackers $100,000 to keep quiet about it? The complaint for this class action claims that Uber chose to bribe the criminals who stole customer and driver data. The complaint claims that Uber failed to safeguard customers’ and drivers’ information and is therefore guilty of negligence and breach of implied contract.
Lime Crime is setting aside funds to settle a class action involving a data breach that exposed the PII of customers who used their payment cards on its site between October 4, 2014 and February 15, 2015. Lime Crime has already sent potentially affected customers an incident notice and offered one year of complimentary identity protection and fraud resolution services.
Whole Foods is known as a high-end grocery retailer, but at some of its 470 stores it also offers taprooms and restaurants. The complaint for this class action alleges that its taprooms and restaurants were the subjects of a data breach in September 2017. According to the complaint, Whole Foods knew about the breach but did not immediately inform the public, so that when plaintiff Patricia Banus made a purchase at a taproom in Rocky River, Ohio, her information was entered into a system that the company knew was already compromised.
Sonic, the largest chain of drive-ins in the US, has become the latest popular company to experience a data breach and expose the information of countless customers’ personally identifying information (PII). The complaint for this class action alleges that Sonic failed to take adequate measures to protect its data systems, failed to stop the breach from happening, failed to monitor and detect the breach on a timely basis, and failed to inform customers promptly. It claims that Sonic is guilty of negligence as well as breaches of Florida and New Jersey state laws.
This class action on the Equifax data breach is being brought by Gulf Winds Federal Credit Union, on behalf of financial institutions that have suffered losses. According to the complaint, Gulf Winds has had to address Compromised Account Management System (CAMS) alerts about customer credit card accounts, and it has incurred expenses in cancelling and reissuing many of its credit cards and in monitoring affected credit cards. In addition, the complaint alleges, it has had to spend time talking to affected customers, adding to fraud oversight measures, working to prevent fraud on consumer accounts, and helping members reduce potential damages, and these measures will likely have to continue for years to come.
People were shocked to hear of the data breach at Equifax, the possessor of an enormous amount of personal and credit account information (PII/CAI) for tens of thousands of people. The complaint for this class action claims that the company was negligent in its measures to protect the information, thus violating the requirements of the Fair Credit Reporting Act (FCRA) and Driver’s Privacy Protection Act (DPPA). In addition to the burden of placing “freezes” and “alerts” with agencies, closing or modifying accounts, and monitoring credit reports and accounts, the complaint alleges that victims of data breaches can be subject to serious harm—drained bank accounts, medical treatments on the victim’s insurance, charges on credit cards, fraudulent obtaining of government benefits in the victim’s name.
Shorter University is settling a class action alleging that the personally identifiable information (PII) and protected health information (PHI) of certain current and former students was stolen or exposed because of a September 2014 theft of documents at the Winthrop-King Centre on Shorter’s campus.