Cybersecurity & Data Privacy

Google Nest Secure Secret Microphone Privacy Violations

Online privacy protection and data breach

In February 2019, it was revealed that Google’s home security system installed inside thousands of private homes, Nest Secure, contained hidden microphones. The revelation that homes were bugged by Nest Secure came from Google itself, as it sought to impress customers with a recent update that boosted its Nest Secure so that it could act as an AI-powered Google Assistant: “With the flip of a switch in the Nest app, you can set the Secure as an always-listening Assistant speaker,” the company said in a blog post touting the update.

Until that blog post, Google had never told Nest Secure customers that their homes were bugged, or that the devices in their homes contained microphones at all. Google’s excuse that it had made a simple “error” in failing to inform customers about the hidden microphone left customers furious, and with serious concerns about their compromised privacy.

Contact a Privacy Rights Lawyer at Lieff Cabraser

If you are a Google Nest Secure customer concerned about the privacy threats attendant to Google’s failure to tell users about the secret microphones hidden in Nest Secure devices, we urge you to use the form below to contact us today about your potential case.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

If not in U.S. list country

Postal Code

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes


Lieff Cabraser is Dedicated to Protecting and Preserving Privacy

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures, even as technology evolves and society changes. Our attorneys possess extensive experience and the technological background to successfully assert and litigate a comprehensive range of privacy claims. We represent individuals in precedent-setting cases impacting tens and even hundreds of millions of consumers against prominent technology, social media, and entertainment companies for violations of digital privacy rights and the failure to protect critically-sensitive private data.

Weather Channel User Tracking Complaints

finger pushing Weather app icon

Lieff Cabraser is investigating complaints that TWC Product & Technologies, through their popular Weather Channel smartphone app, deceptively uses the app’s access to private user geolocation data to improperly track minute details of consumers’ locations, and sells that data to third parties for unrelated — and undisclosed — commercial purposes.

The Weather Channel app is one of the most popular weather apps, with more than 100 million users. In seeking users’ permission to access their location data, TWC claims that this sensitive, detailed personal location information will be used to provide local weather forecasts and alerts. In actuality, TWC allegedly sells and monetizes that vast array of private user location information to generate massive profits unrelated to its weather services, including for use by hedge funds. TWC has gone so far as to characterize itself as “a location data company powered by weather.”

Contact a Data Privacy Lawyer at Lieff Cabraser

If you suspect your personal and private location data may have been improperly used and monetized by the Weather Channel app and TWC, we urge you to contact a data privacy lawyer at Lieff Cabraser’s award-winning cybersecurity practice group to learn more about your rights and further action that might be taken to hold TWC accountable.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments or questions:

Please sign me up for your Consumer Law newsletter. Yes

Marriott Hotel Guests Massive Data Breach and Theft

Marriott Hotel Arrival

On November 30th, 2018, the Marriott Hotel chain reported that data relating to up to 500 million guests had been accessed and copied via its Starwood reservations system. The compromised and stolen data includes names, addresses, credit card numbers, travel histories, and even passport information for some guests. The data attack started as early as 2014, and may well be the largest personal record theft of all-time of such detailed private data.

The data theft was discovered in early September 2018 but only just reported publicly. It affects Marriott properties including Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Le Méridien, Tribute, Design Hotels, Elements and the Luxury Collection.

Contact a Cybersecurity and Data Privacy Lawyer at Lieff Cabraser

If you suspect your data was stolen in the massive Marriot and Starwood hotels security breach, we urge you to contact a data privacy lawyer at Lieff Cabraser about your potential case using the form below. The information you provide will help us hold Marriott and its chain hotels accountable for any lapses in security and improper delays in reporting the breach.

Lieff Cabraser is Dedicated to Protecting and Preserving Privacy

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes. Our attorneys possess extensive experience and the requisite technological background to successfully assert and litigate a comprehensive range of privacy claims. We represent individuals in precedent-setting cases impacting tens and even hundreds of millions of Americans against prominent technology, social media, and entertainment companies for violations of digital privacy rights and the failure to protect critically-sensitive personal and employee data.

Learn more about our major successes in digital privacy and data breach cases, including the recent $115 million data breach settlement on behalf of Anthem patients, the $68 million settlement for LifeLock subscribers, and the $13 million settlement for LinkedIn users.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

If you know or suspect that your Marriott Starwood stay data was stolen, please describe your experience:

Please sign me up for your Consumer Law newsletter. Yes

Google Tracking Complaints Lawsuit

Data and Location Tracking Complaints

In August 2018, Lieff Cabraser filed a federal class action lawsuit against Google based on user complaints that Google persists in tracking Android and iPhone users’ movements and activities even after users attempt to engage privacy settings in their Google accounts that are supposed to explicitly prevent Google from such tracking. The lawsuit seeks damages as well as a court order demanding that Google destroy all data captured from its geolocation tracking technology of the plaintiff and class members.

Privacy researchers have recently confirmed that the internet search and advertising giant uses your location history even if “Location History” is turned off on your mobile devices. The reports indicate that Google tells users they can “turn off Location History at any time,” such that “the places you go are no longer stored.” But researchers at Princeton University determined that’s just not true: even with location history disabled, some Google apps nevertheless automatically store time-stamped location data without alerting users that they are doing so.

Reports indicate that Google’s privacy-violative behavior affects some two billion users of devices running Google’s Android system as well as hundreds of millions of iPhone users who rely on Google search and map applications. Critics of Google’s practices say Google’s insistent and apparently inescapable tracking serves to boost its enormous advertising revenues, while users point out inconsistencies and even outright deceptions in Google’s communications about its location-tracking and storing practices.

Contact a National Privacy Lawyer at Lieff Cabraser

If you suspect your privacy has been improperly compromised by Google’s tracking and data storage activities, we invite you to write or call us at 1 800 541-7358 to discuss your rights and possible recovery. The information you provide will help us hold Google accountable for any violations of the privacy, tracking, and data retention laws. Unfortunately, we cannot help you with a lost or stolen phone.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

If not in U.S. list country

Postal Code

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

23andMe Customer Genetic Data Sharing and Sale Complaints

23andMe customer complaints

Lieff Cabraser is investigating widespread customer complaints that 23andMe is selling intensely personal customer genetic data. Customers have expressed concerns about whether their intimate genetic data is being shared with insurance companies and medical providers.

Contact a National Data Security and Privacy Lawyer at Lieff Cabraser

If you are a 23andMe customer and have concerns about the for-profit sale of your intimate genetic code data by 23andMe, our nationally-ranked Cybersecurity and Data Privacy lawyers would welcome the chance to talk to you about 23andMe’s conduct and your legal rights. The information you provide will help us hold 23andMe accountable for any and all breaches of contract and privacy laws, and there is no charge or obligation for our review of your potential case.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Please describe your experience with or concerns about 23andMe and the sharing or sale of private customer genetic data.

Please sign me up for your Consumer Law newsletter. Yes

Facebook/Cambridge Analytica Data Exposure

Online privacy protection and data breach

Lieff Cabraser is investigating reports that a political data firm was able to harvest detailed private information from more than 50 million Facebook users’ profiles without the users’ knowledge or consent. Facebook has apparently been aware of this breach for years, but failed to inform its users of it. Lawmakers in the U.S. and the United Kingdom have demanded that Facebook lift its veil of secrecy and explain to their respective governments and to the public how such a massive exposure of private user data could have occurred.

Lieff Cabraser is investigating whether Facebook failed to employ reasonable security measures to prevent the taking of its users’ private information, and how that information was used by political data firm, Cambridge Analytica. If you know or suspect that your private Facebook data was exposed to Cambridge Analytica, we urge you to contact data privacy lawyers Michael Sobol and David Rudolph at Lieff Cabraser today via the form below to discuss your rights and potential remedies for the violation of your privacy.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments/questions:

Please sign me up for your Consumer Law newsletter. Yes

Uber Customer and Driver Data Hack Investigation

Data security digital privacy

Lieff Cabraser is investigating widespread reports of a data breach that exposed the personal data of 57 million Uber customers and drivers, a massive data breach that Uber reportedly concealed for over a year.

The stolen data is said to include names, email addresses and telephone numbers of 50 million Uber customers, personal information of 7 million Uber drivers, as well as 600,000 driver’s license numbers. It is not currently known if additional personal information was also accessed. Irresponsibly, instead of promptly reporting the data breach when it learned of it in October 2016, Uber paid a reported $100,000 ransom to hackers to conceal the breach and failed to report it, notify its customers, or inform the general public until November 21, 2017.

Contact a Personal Data Security Lawyer at Lieff Cabraser

If you are concerned that your information may have been compromised in the Uber data breach, or you have experienced identity theft or other action you think may be related to Uber’s data breach, we urge you to complete the contact form below today to submit your complaint.

Named Law360’s 2017 “Digital Privacy and Data Protection Practice Group of the Year,” our team of nationally-renowned consumer protection lawyers will review your case for free and with no obligation on your part.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Were you a driver or a customer?

If you know or suspect that your stolen Uber data was used to commit an identity crime, please describe your experience:

Please sign me up for your Consumer Law newsletter. Yes

Child Privacy Lawsuits

Apps

Class Actions Filed Against Walt Disney, Viacom, Kiloo, Sybo and Others, For Violations of the Privacy Rights of Children and their Parents

In July and August 2017, Lieff Cabraser filed class action lawsuits against several developers of children’s gaming apps and their software developer partners. These lawsuits allege that defendants unlawfully collected, used, and disseminated the personal information of children who played the gaming apps on smart phones, tablets, and other mobile devices. In June 2018, Lieff Cabraser filed amended complaints, which further detailed defendants’ unlawful behavior. These allegations cover some of the most popular child gaming apps: Nickelodeon’s Llama Spit Spit, Disney’s Princess Palace Pets, and Where’s My Water, and Kiloo’s Subway Surfers.

The lawsuits allege that children’s personal data is pulled from their devices using advertising tracking software. The app developers – including Kiloo, Disney, and Viacom, the parent company of Nickelodeon—license advertising software from software developers which they then embed in gaming apps marketed to children. When children download and play one of these games, the advertising tracking software gathers and sends children’s personal data to advertisers operating within vast advertising networks. The advertising networks may then improperly use that data to build detailed data profiles of the children playing the games in order to target them with advertising based upon their demographics and gaming and other online behavior. Gaming app developers and their advertising partners share in the revenue generated from this tracking behavior.

Below are descriptions of the defendants and their gaming apps included in these lawsuits.

If you suspect your child’s data might have been improperly acquired or used by a mobile game or app without your permission, please call us today at 1 800 541-7358 or use the form below. We welcome the opportunity to speak with you about the case.

The Improper Acquisition and Use of Children’s Data

In the online world, children are particularly vulnerable to companies that seek to profit from the collection and exchange of their private data. Parents and their children have a reasonable expectation of privacy in children’s online activity, which is why long-standing legal privacy protections exist to shield parents and their children from these intrusions, allow parents to maintain the privacy of their children, and provide the opportunity to raise their children as they see fit. By collecting personal information from unsuspecting children, without notice to or consent from their parents, Defendants have breached basic norms about how companies must conduct their business with children. These norms have existed in the bedrock of our society for centuries, and have been re-expressed time and again with the development of new technologies, such as motion pictures, radio, broadcast television, and cable television. For example, Congress recognized the offensiveness of the collection and commercial exploitation of children’s online data and behavior when it enacted the Children’s Online Privacy Protection Act.

Lieff Cabraser’s lawsuits seek to assist in protecting parents and their children from the unwanted collection and exploitation of children’s personal data, under time-honored laws protecting privacy: a California common law invasion of privacy claim, a California Constitution right of privacy claim, a California unfair competition claim, a New York General Business Law claim, a Massachusetts Unfair and Deceptive Trade Practices claim, and a Massachusetts statutory right to privacy claim.

The Gaming Apps

A. The Disney Lawsuit

Plaintiffs—parents on behalf of their children—allege that certain of Disney’s child gaming apps collect, use, and disseminate the personal information of the children playing those games.

The apps included in the complaint are Princess Palace Pets and the Where’s My Water apps (Where’s My Water?, Where’s My Water? 2, Where’s and My Water? Free/Lite).

The defendants in the lawsuit are Disney, the developer of these gaming apps, and the advertising software developers that had their software embedded within the gaming apps, including Upsight, Inc., Unity Technologies SF, Kochava, Inc., MoPub Inc. (owned by Twitter Inc.), and comScore, Inc. and Full Circle Studies Inc. The information collected, analyzed, and used allow Disney and its partners to track children’s activities for their own commercial gain.

B. The Viacom Lawsuit

Viacom, through its brand group Nickelodeon, develops and markets dozens of popular mobile apps for kids. Lieff Cabraser’s lawsuit alleges that in the app Llama Spit Spit, children’s personal information is collected from their personal devices without their or their parents’ knowledge or approval. This information is stored, analyzed, and used to allow Viacom and its partners to track children’s activities for their own commercial gain.

Also named as defendants in this lawsuit are advertising software developers that work with Viacom in these apps, including Upsight, Inc. and Unity Technologies SF.

C. The Subway Surfers Lawsuit

Defendants Kiloo A/S and Sybo ApS developed and market the hugely popular mobile app game Subway Surfers, a game marketed to and popular among children. Subway Surfers has more than a billion downloads worldwide. In its lawsuit against Kiloo and Sybo, Lieff Cabraser (on behalf of parents of child users of Subway Surfers) alleges that the Subway Surfers’ developers unlawfully collect and use children’s personal information from Subway Surfers in violation of privacy laws.

Also named as defendants in the lawsuit are advertising software developers that work with Kiloo and/or Sybo in these apps, including: AdColony, Chartboost, Flurry, Inc. and Oath Inc., InMobi Pte. Ltd, ironSource USA, Inc., Tapjoy, Inc., and Vungle, Inc.

Lieff Cabraser’s Work in Digital Privacy & Child Data Security

Lieff Cabraser is committed to helping parents protect their children, their privacy, and their children’s information in a world where electronic toys, mobile games, and digital devices with inherent security vulnerabilities are growing more and more pervasive. From voice-controlled home devices that can leak sensitive information to video-recording toys and interactive digital games whose data can be leaked or accessed improperly, our private data — and, in particular, children’s private information — faces a growing risk of exposure and improper sharing. An important part of our work protecting children and their data consists of ensuring that companies obey child data protection laws and take all the required steps to ensure that kids’ data remains secure and private.

Lieff Cabraser is similarly committed to ensuring that the fundamental right to privacy is respected and endures, even as technology evolves and society changes. Our cybersecurity attorneys possess extensive experience and the requisite technological background to successfully assert and litigate a comprehensive range of privacy claims.

We represent individuals and classes in precedent-setting cases impacting tens and even hundreds of millions of Americans against prominent technology, social media, and entertainment companies for violations of digital privacy rights and the failure to protect critically-sensitive personal, employee, and child data.

Lieff Cabraser partner Michael W. Sobol, chair of the firm’s Cybersecurity practice group, was named a Top California Cybersecurity Lawyer for 2018. In 2017, Sobol was selected by Law360 as an “MVP” for Cybersecurity and Privacy, and by the National Law Journal as a “Cybersecurity and Data Privacy Trailblazer.” Law360 named Lieff Cabraser’s Cybersecurity group as its 2017 “Practice Group of the Year” for Digital Privacy and Data Protection, and selected our firm as one of six “California Powerhouse” firms for litigation, the only plaintiffs’ firm so honored.

Contact a Privacy Lawyer at Lieff Cabraser


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please provide any details or concerns about your child's game and app use:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes

Hello Kitty SanrioTown

Data security digital privacy

Hackers have obtained information on more than 3 million people who use Hello Kitty websites including SanrioTown.com, hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com. The hackers obtained names, birth dates, genders, and email addresses. Even worse, the disclosure includes lightly-protected passwords, as well as the forgotten password questions and answers.

Why Many Allege that Sanrio is Liable

The Hello Kitty websites are operated by Tokyo-based Sanrio Company. Organizations such as Sanrio that hold personally identifiable information — particularly when it relates to children — owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused.

Lieff Cabraser represents parents in nationwide class action lawsuits against device, app, and software creators for compromised and stolen personal data, including children’s private personal data, in the wake of serious failures to properly secure the data. If you fear your child’s private data was stolen or misused as a result of the Hello Kitty data breach, we would welcome a chance to talk to you about your legal rights. There is no charge or obligation for our review of your case.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please provide any details of your child's use of SanrioTown and Hello Kitty online digital products:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes

VTech Child Data Breach

Online privacy protection and data breach

Lieff Cabraser represents parents in a nationwide class action lawsuit against VTech arising after their children’s private personal information was obtained by hackers in the wake of VTech’s alleged failure to take reasonable precautions to secure the children’s data. The stolen information includes the children’s names, birthdates, images, email addresses, and home addresses. VTech acknowledges that data relating to more than 2.8 million children was stolen in the attack.

Background to the VTech Child Data Breach Case

VTech is a leading manufacturer and distributor of digital learning toys. Their products allow children to browse the Internet and communicate with each other. Parents can also download educational content for their children, including learning games and e-books.The information VTech requires from its users links parents to their children — this means, among other things, that VTech has a child’s physical address linked to his or her picture and name. Plaintiffs allege that, given the highly sensitive nature of the information VTech requires from its customers, keeping this information secure and private is essential to ensure each child’s safety.

Plaintiffs also allege that reasonable parents would never knowingly purchase a product or service that would compromise their child’s safety by exposing the child’s picture, name, date of birth, and address to the world. Indeed, VTech at all times represented that it kept its data secure. Despite these representations, VTech failed to take reasonable security precautions. Its product was vulnerable to what is known as a Structured Query Language (“SQL”) “injection attack,” which security experts explain exploits “the very first type of flaw that should be eliminated from any Web application.”

On November 14, 2015, hackers obtained personal information from more than 2.8 million children in the United States, as well as their parents. VTech confirmed and admitted that an “unauthorized party accessed VTech customer data.” In a statement released a few days later, VTech stated that the database contained profile information including names, email addresses, download history, passwords and mailing addresses. The database also included information on young children, including their names, genders and birthdates.

Relief Sought in the VTech Data Breach Case

Lieff Cabraser represents the parents of two children on behalf of themselves and others similarly situated seeking injunctive relief to compel VTech to implement adequate security, damages to compensate purchasers for the significant personal security costs they must now incur, damages because consumers purchased products that were in reality worth much less than their advertised value, and equitable relief including disgorgement of wrongful profits.

The parents and those like them now face costs, including out-of-pocket expenses, associated with the prevention, detection, and recovery from identity theft. There are also lost opportunity costs associated with effort expended and the loss of productivity from addressing and attempting to mitigate the actual and future consequences of the breach, including but not limited to efforts spent researching how to prevent, detect, contest and recover from identity data misuse.

Finally, these children and their parents face continued risk to their personal identity information, which remains in VTech’s possession and is subject to further breaches so long as VTech fails to undertake appropriate measures to protect the personal data in their possession.

Contact a Digital Privacy and Data Security Lawyer at Lieff Cabraser

If you have purchased a VTech digital learning toy for your children please use the form below to contact a data security attorney at Lieff Cabraser about the safety of your information and your rights. Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes, and we represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive personal data.

We will review your case without charge or obligation. Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.

Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

What VTech digital learning product did you purchase?

Please describe your concerns about Turn's tracking and privacy and your Verizon smartphone or tablet:

Please sign me up for your Consumer Law newsletter. Yes

Experian Data Breach

Abstract program code

Experian T-Mobile Data Breach Investigation

In the wake of news that at least one hacker has acquired the Experian personal and financial records of 15 million T-Mobile customers and other credit applicants, Lieff Cabraser is investigating consumer complaints that Experian may have failed to adequately safeguard and secure the financial and personal records of its consumers.

Consumer concern is elevated both because of the potential depth of financial information affected, and the length of the breach itself — which is reported to have gone on for two years.

In addition to personal information for approximately 15 million customers and T-Mobile service applicants, the data is also reported to have included information on applicants requiring a credit check for service or device financing from Sept. 1, 2013 through Sept. 16, 2015, Experian North America said in a statement.

In a letter to consumers, T-Mobile CEO John Legere said, “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian.”

While Experian claims to have taken immediate action upon finding the breach, it noted that the stolen data included names, dates of birth, addresses, and Social Security numbers.

Why Experian May Be Liable for the Data Breach

Organizations that hold personally identifiable information, and in particular confidential personal financial information, owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused. It is unknown at this time how the breach could have continued for so long without Experian knowing about it or taking action to protect its customers.

Contact National Personal Data Security Attorneys

If you are a T-Mobile user or applicant and have experienced identity theft or other action you think may be related to Experian’s data breach, we urge you to complete the contact form below to submit your complaint concerning Experian’s alleged failure to properly safeguard your confidential information. There is no charge or obligation for our review of your case.

We agree to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law. Please describe your complaint.Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

If you know or suspect that your stolen confidential personal/financial Experian data was used to commit an identity crime, please describe your experience::

Please sign me up for your Consumer Law newsletter. Yes

LinkedIn “Add Connections”

Abstract program code

Issue: Unauthorized use of identity
Result: $13 million settlement
Year: 2016

Lieff Cabraser represented individual members of LinkedIn, the online business and social networking site, who without their consent or authorization had their names and likenesses used by LinkedIn in reminder emails to those members’ contacts asking that they join LinkedIn.

The complaint specifically challenged LinkedIn’s use of a service it called “Add Connections.” Add Connections allowed LinkedIn members to import contacts from their external email accounts and email connection invitations to one or more of those contacts inviting them to connect on LinkedIn. If an Add Connections invitation was not accepted within a certain period of time, up to two “reminder emails” were sent reminding the recipient that the Add Connections invitation was pending.

U.S. District Judge Lucy H. Koh found that while LinkedIn members initially consented to importing their contacts and sending the Add Connections invitation, members had not consented to LinkedIn sending the two subsequent reminder emails.

Court Grants Final Approval to Settlement

In mid-2015, the parties notified the Court that they had reached a settlement and, on February 16, 2016, the Court granted final approval to a $13 million settlement, one of the largest per-class member settlements in a digital privacy class action. Moreover, LinkedIn agreed to make significant changes to Add Connections disclosures and functionality. Specifically, LinkedIn revised disclosures to real-time permission screens presented to LinkedIn members using Add Connections, and implemented new functionality allowing LinkedIn members to manage their contacts, including viewing and deleting contacts and sending invitations, and to stop reminder emails from being sent if members inadvertently sent out Add Connections invitations to non-members.

The settlement class consists of LinkedIn members who used Add Connections between September 17, 2011 and October 31, 2014. The settlement amount constitutes one of the largest per-class member settlements in a digital privacy class action.

Google Message Scanning

Apps

Year:  2018
Result:  $2.2 million settlement

In Matera v. Google Inc., No. 5:15-cv-04062 (N.D. Cal.), Lieff Cabraser represented consumers in a digital privacy class action against Google Inc. over claims the popular Gmail service scanned outgoing user email messages to build marketing profiles and serve targeted ads.

The complaint alleged that Google routinely scanned email messages that were sent to non-Gmail users by Gmail subscribers, analyzed the content of those messages, and then shared that data with third parties in order to target ads to Gmail users, an invasion of privacy that violated the California Invasion of Privacy Act and the federal Electronic Communications Privacy Act.

In February 2018, the Court granted final approval to a $2.2 million settlement of the action. Under the settlement, Google made business-related changes to its Gmail service, as part of which, Google will no longer scan the contents of emails sent to Gmail accounts for advertising purposes, whether during the transmission process or after the emails have been delivered to the Gmail user’s inbox. The proposed changes, which will not apply to scanning performed to prevent the spread of spam or malware, will run for at least three years.

Lawyers Dedicated to Preserving Privacy

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves.Our attorneys possess extensive experience and the requisite technological background to successfully assert and litigate all manner of privacy claims. We represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive employee data.

AT&T NSA Surveillance

Online privacy protection and data breach

Year: 2008
Result: Congress passed law which granted immunity to AT&T

Hepting v. AT&T

Working closely with our co-counsel the Electronic Frontier Foundation, Lieff Cabraser played a leading role in the litigation against AT&T for assisting the National Security Agency to wiretap and data-mine Americans’ communications.

Plaintiffs alleged that AT&T collaborated with the NSA in a massive warrantless surveillance program that illegally tracked domestic and foreign communications — both by telephone and the internet — along with detailed records about millions of customer communications, in violation of the U.S. Constitution, the Electronic Communications Privacy Act, and other statutes.

The case was filed in January 2006. The U.S. government quickly intervened and sought dismissal. By the Spring of 2006, over 50 other lawsuits were filed against various telecommunications companies, in response to a USA Today article confirming that the NSA had been “secretly collection the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth.” The cases were combined into a multi-district litigation proceeding entitled In re National Security Agency Telecommunications Record Litigation, MDL No. 06-1791.

In June of 2006, the District Court rejected both the government’s attempt to dismiss the case on the grounds of the state secret privilege and AT&T’s arguments in favor of dismissal.

The government and AT&T appealed the decision and the U.S. Court of Appeals for the Ninth Circuit heard argument one year later. No decision was issued.

In July 2008, Congress granted the government and AT&T “retroactive immunity” for liability for their wiretapping program under amendments to the Foreign Intelligence Surveillance Act that were drafted in response to this litigation. Signed into law by President Bush in 2008, the amendments effectively terminated the litigation.

CGI Group Data Breach

Data security digital privacy

Issue: Failure to safeguard confidential records

Lieff Cabraser represents individuals in class action litigation against CGI Group, Inc. and CGI Federal, Inc. (collectively “CGI”) for allegedly facilitating a data breach affecting more than 1,000 U.S. citizens.

The U.S. government contracts with CGI to manage all U.S. passport application activities. Passport applicants must provide their name, date of birth, city of birth, state of birth, country of birth, social security number, sex, height, hair color, eye color, occupation, and evidence of U.S. citizenship, such as a previously issued U.S. passport, or U.S. birth certificate.

Between 2010 and May 2, 2015, CGI employees allegedly stole and sold personal information of passport applicants to cybercriminals. The mass identity theft allowed cybercriminals to use stolen information to buy cell phones and computers, and to obtain lines of credit. The complaint alleges that CGI failed to fulfill its legal duty to protect customers’ sensitive personal and financial information.

Contact us

Individuals who know or suspect that CGI employees appropriated their private personal data are invited to contact Lieff Cabraser by calling us toll-free at 1 800 541-7358 or by using the form below. We will review your claim for free and with no obligation on your part. The information you provide will be kept confidential.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Please describe your experience:

Please sign me up for your Consumer Law newsletter. Yes

Anthem Data Breach

Data security digital privacy

Issue: Failure to safeguard confidential patient records

Lieff Cabraser partner Michael W. Sobol serves on the Plaintiffs’ Steering Committee in litigation against health insurance giant Anthem, Inc., for Anthem’s failure to implement and abide by standard security protocols, which resulted in a massive 2015 data breach involving identifiable personal information and health information belonging to over 80 million of Anthem’s members.

Because insurers like Anthem collect and store highly sensitive information as part of their business practices, they must ensure that such information is properly safeguarded and shielded from cybercriminals.

Anthem Privacy Breach

Anthem’s customer database was allegedly attacked by international hackers on December 10, 2014. Anthem says it discovered the breach on January 27, 2015, and reported it about a week later on February 4, 2015.

The scale of the breach was massive. The personal information of nearly 80 million may have been compromised. The theft includes names, birth dates, social security numbers, billing information, and highly confidential health information.

The litigation alleged that organizations that hold personally identifiable information, and in particular confidential personal health information, owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused, and that Anthem was on notice about the weaknesses in its computer security for at least a year before the breach occurred.

Court Grants Final Approval to Settlement

On August 16, 2018, the United States District Court for the Northern District of California granted final approval to a class action settlement in the Anthem Data Breach Litigation, which required Anthem to undertake significant additional cybersecurity measures to better safeguard information going forward, and to pay $115 million into a settlement fund from which benefits to settlement class members will be paid. The benefits to class members under the settlement include a minimum of two years of free credit monitoring, or a cash payment of $50 in lieu of credit monitoring for class members who already have such protection, and compensation up to $10,000 per class member for documented out-of-pocket losses attributable to the data breach.

Following the dismissal of appeals to the District Court’s order approving the settlement, the settlement became effective on October 25, 2018. Claims are now being processed. The deadline to submit a claim for credit monitoring services or the cash payment was July 19, 2018. Those benefits will be distributed, by December 1, 2018, to class members who submitted timely and valid claim forms.

The deadline to claim compensation for out-of-pocket costs will be August 16, 2019. More information about the settlement, and instructions for filing a claim, are available on the settlement website, at www.databreach-settlement.com.

Turn Web Tracking

Data security digital privacy

Issue: Privacy violations

Lieff Cabraser represents plaintiffs in class action litigation alleging that internet marketing company Turn, Inc. violates users’ digital privacy by installing software tracking beacons on smartphones, tablets, and other mobile computing devices. The complaint alleges that in an effort to thwart standard privacy settings and features, Turn deploys so-called “zombie cookies” that cannot be detected or deleted, and that track smartphone activity across various browsers and applications. This conduct allegedly violates consumer protection statutes and the common law.

How Turn Ignored Privacy Concerns

Most smartphones and browsers have standard features for clearing and blocking “cookies,” which are small pieces of data sent from a website and stored in a user’s web browser program, and which can be used to track the user’s Internet activity. According to the complaint, Turn’s own research found that 69% of users routinely delete cookies in order to “shield their online privacy,” and that the majority of people had serious privacy concerns with online tracking and profiling.

Nevertheless, Turn allegedly deploys cookies that evade detection or deletion — the cookies regenerate even if deleted by a smartphone user, prompting security experts to call them “zombie cookies” or “super cookies.” According to the complaint, Turn does this by secretly exploiting a feature of the routing processes of all Verizon customers’ mobile devices. This allows Turn to track and correlate Internet activity across the entire device. Turn’s surveillance, therefore, vastly eclipses traditional methods of gathering user data. Turn uses the data harvested by these cookies to build robust user profiles and sell targeted and profitable advertising. All of this is done without the user’s knowledge or consent.

The Plaintiffs allege that Turn’s conduct violates consumer protection laws and amounts to trespass. Plaintiffs seek injunctive and declaratory relief, restitution, and statutory and monetary damages.

Contact Lieff Cabraser

If you own a smart mobile device — for example, an iPhone or Android phone or tablet — and you have a Verizon data plan for that device, your privacy rights may have been violated by Turn. We welcome the opportunity to review your case and assist you in protecting your digital privacy.

Please use the form below to contact an attorney at Lieff Cabraser or call us toll-free and ask to speak to Lieff Cabraser attorney Nimish Desai at 1 800-541-7358. There is no charge or obligation for our review of your complaint.We will review your case without charge or obligation. Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please describe your concerns about Turn's tracking and privacy and your Verizon smartphone or tablet:

Please sign me up for your Consumer Law newsletter. Yes

Turbo Tax Identity Theft & Tax Fraud

Digital privacy and data security

Issue: Identity theft and tax fraud

Lieff Cabraser represents identity theft victims in a nationwide class action lawsuit against Intuit for allegedly failing to protect consumers’ data from foreseeable and preventable breaches, and facilitating the filing of fraudulent tax returns through its TurboTax software program. TurboTax is used on an estimated 30 million tax returns for American taxpayers every year.

Intuit TurboTax Lawsuit Allegations

The complaint alleges that Intuit knew of the widespread use of TurboTax software for the filing of fraudulent returns, but failed to adopt basic cyber security policies to prevent user data access and misuse by hackers and other cybercriminals, and as a result, fraudulent tax returns were filed in the names of the plaintiffs and thousands of other individuals across America.

“Rather than safeguarding customers’ personal and financial information, the complaint charges that Intuit facilitated identity theft and tax fraud by failing to adopt security measures that would have kept criminals from stealing sensitive data on potentially millions of consumers,” stated Lieff Cabraser attorney Michael W. Sobol.

In the case of one plaintiff, she used TurboTax in 2010 to file her federal and state 2010 tax returns. Thereafter, she no longer used the program to file tax returns. In March 2015, four years after she used the program, she received a bill from TurboTax for $242 for the purported electronic filing of 2014 tax returns in Michigan, Ohio, and Oklahoma, and for filing a federal home and business return. Fraudulent tax returns were filed in all of these jurisdictions in the plaintiff’s name.

Another plaintiff neither purchased TurboTax nor provided any personal and sensitive information to Intuit through TurboTax. Nevertheless, the plaintiff learned that fraudulent federal tax return was filed earlier this year in her name through TurboTax.

Relief Sought from Intuit

The complaint seeks damages and injunctive relief, including an order requiring Intuit to implement stricter cyber security measures that will adequately safeguard customer personal and financial information.

Contact Lieff Cabraser

If you have been victimized by identify theft and/or a fraudulent tax return was filed in your name using TurboTax software, we welcome the opportunity to review your claim. There is no charge or obligation for our review of your case.

We will review your case without charge or obligation. Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Did you purchase Intuit's TurboTax?

If you answered 'yes' above, what year(s)?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

Sony Data Breach

Digital privacy and data security

Issue: Failure to safeguard confidential employee records
Result: $8 million settlement

Lieff Cabraser served as Plaintiffs’ Co-Lead Counsel in class action litigation against Sony for its failure to take reasonable measures to secure the data of its employees from hacking and other attacks. In October 2015, an $8 million settlement was reached under which Sony will reimburse employees for losses and harm.

In 2014, hackers stole the personally identifiable information of thousands of current and former Sony employees and their families (including Social Security Numbers, addresses, salaries and other employment information, and medical information), and published some of the information on the Internet.  In April 2016, the Court approved a class settlement that provides for up to $4.5 million to reimburse class members for their losses, and also provides class members with two additional years of identity protection services.

In rejecting Sony’s motion to dismiss the core allegations of the lawsuit, the Court stated, “It is reasonable to infer that the data breach and resulting publication of plaintiffs’ [personal identifying information] has drastically increased their risk of identity theft, relative to both the time period before the breach, as well as to the risk born by the general public.” The Court added, “It is commonly known that the consequences resulting from identity theft can be both serious and long-lasting.”

Sony Data Hack Lawsuit Allegations

The complaint, filed on December 18, 2014, charged that Sony owed a duty to take reasonable step to secure the data of its employees from hacking. Sony allegedly breached this duty by failing to properly invest in adequate IT security, despite having already succumbed to one of the largest data breaches in history only three years ago.

The complaint alleged that Sony’s acts and omissions constituted negligence and violated California law including the California data breach notification and medical records retention statutes. The lawsuit sought damages and injunctive relief.

Proposed Class

The class action lawsuit was filed on behalf of all current and former employees of Sony, and their families, within the United States whose personally identifiable information was compromised by the recent data breach.

Google Street View

Google street view car

Issue: Interception of private communications

Lieff Cabraser serves as Plaintiffs’ Liaison Counsel in multi-district litigation in federal court in San Francisco against Google arising out of its interception of electronic communications by Google’s Street View vehicles.

Google Street View vehicles are equipped with cameras to take 360 degree views of streets and 3G/GSM/Wi-Fi antennas with custom-designed software for the capture and storage of wireless signals and data. Since 2007, Google has deployed its Street View vehicles across the U.S.Plaintiffs are individuals who reside in various states and who maintained a Wi-Fi network in their homes. They used their Wi-Fi connection to send and receive private data, including usernames, passwords and personal email messages.

Google Street View Privacy Case Status

Following argument by Lieff Cabraser founding partner Elizabeth Cabraser, in September 2013 the Ninth Circuit Court of Appeals held that federal privacy law applies to residential Wi-Fi networks and that personal information transmitted over Wi-Fi is protected against unauthorized interception. The holding was hailed as “a landmark decision for Internet privacy.” The District Court has authorized an independent expert to search the data intercepted by Google to determine the extent of access to the class representatives’ private information.

Plaintiffs’ Street View Case Allegations

The Consolidated Class Action complaint charges that Google’s Street View vehicles not only collect images for inclusion in Google Maps and Google Earth, but also are secretly imbedded with a wireless sniffer system (also referred to as a packet analyzer) that intercepts electronic communications and other data transmitted over class members’ wireless network. While Google issued press releases disclosing its intent to utilize the vehicles to take photos, it failed to disclose its intent to capture Wi-Fi data. Google has stored class members’ data on its servers, and the data includes email messages, usernames, passwords and other private data.

The complaint charges that Google’s unauthorized interception of private Wi-Fi communications violates the federal Wiretap Act, state wiretap statutes, and California’s unfair business practices. The federal Wiretap Act imposes liability against any person or corporation that “intentionally intercepts, endeavors to intercept, … any wire, oral, or electronic communication.” 18 U.S.C. S 2511(1).

Contact Lieff Cabraser

If you are concerned that your privacy has been violated by the Google Street View data-gathering project, please use the form below to contact Lieff Cabraser to discuss your legal rights and remedies. All information will be held strictly confidential and there is no charge or obligation for our review of your case.We will review your claim without fee or obligation, and Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.

Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes