Cybersecurity & Data Privacy

Google Tracking Complaints Investigation

Data and Location Tracking Complaints

Lieff Cabraser is investigating consumer complaints that Google persists in tracking Android and iPhone users’ movements and activities even after users attempt to engage privacy settings in their Google accounts that are supposed to explicitly prevent Google from such tracking. Privacy researchers have recently confirmed that the internet search and advertising giant uses your location history even if “Location History” is turned off on your mobile devices.

The reports indicate that Google tells users they can “turn off Location History at any time,” such that “the places you go are no longer stored.” But researchers at Princeton University determined that’s just not true: even with location history disabled, some Google apps nevertheless automatically store time-stamped location data without alerting users that they are doing so.

Reports indicate that Google’s privacy-violative behavior affects some two billion users of devices running Google’s Android system as well as hundreds of millions of iPhone users who rely on Google search and map applications. Critics of Google’s practices say Google’s insistent and apparently inescapable tracking serves to boost its enormous advertising revenues, while users point out inconsistencies and even outright deceptions in Google’s communications about its location-tracking and storing practices.

Contact a National Privacy Lawyer at Lieff Cabraser

If you suspect your privacy has been improperly compromised by Google’s tracking and data storage activities, we invite you to write or call us at 1 800 541-7358 to discuss your rights and possible recovery. The information you provide will help us hold Google accountable for any violations of the privacy, tracking, and data retention laws. Unfortunately, we cannot help you with a lost or stolen phone.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

23andMe Customer Genetic Data Sharing and Sale Complaints

23andMe customer complaints

Lieff Cabraser is investigating widespread customer complaints that 23andMe is selling intensely personal customer genetic data. Customers have expressed concerns about whether their intimate genetic data is being shared with insurance companies and medical providers.

Contact a National Data Security and Privacy Lawyer at Lieff Cabraser

If you are a 23andMe customer and have concerns about the for-profit sale of your intimate genetic code data by 23andMe, our nationally-ranked Cybersecurity and Data Privacy lawyers would welcome the chance to talk to you about 23andMe’s conduct and your legal rights. The information you provide will help us hold 23andMe accountable for any and all breaches of contract and privacy laws, and there is no charge or obligation for our review of your potential case.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Please describe your experience with or concerns about 23andMe and the sharing or sale of private customer genetic data.

Please sign me up for your Consumer Law newsletter. Yes

Facebook/Cambridge Analytica Data Exposure

Online privacy protection and data breach

Lieff Cabraser is investigating reports that a political data firm was able to harvest detailed private information from more than 50 million Facebook users’ profiles without the users’ knowledge or consent. Facebook has apparently been aware of this breach for years, but failed to inform its users of it. Lawmakers in the U.S. and the United Kingdom have demanded that Facebook lift its veil of secrecy and explain to their respective governments and to the public how such a massive exposure of private user data could have occurred.

Lieff Cabraser is investigating whether Facebook failed to employ reasonable security measures to prevent the taking of its users’ private information, and how that information was used by political data firm, Cambridge Analytica. If you know or suspect that your private Facebook data was exposed to Cambridge Analytica, we urge you to contact data privacy lawyers Michael Sobol and David Rudolph at Lieff Cabraser today via the form below to discuss your rights and potential remedies for the violation of your privacy.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments/questions:

Please sign me up for your Consumer Law newsletter. Yes

Uber Customer and Driver Data Hack Investigation

Data security digital privacy

Lieff Cabraser is investigating widespread reports of a data breach that exposed the personal data of 57 million Uber customers and drivers, a massive data breach that Uber reportedly concealed for over a year.

The stolen data is said to include names, email addresses and telephone numbers of 50 million Uber customers, personal information of 7 million Uber drivers, as well as 600,000 driver’s license numbers. It is not currently known if additional personal information was also accessed. Irresponsibly, instead of promptly reporting the data breach when it learned of it in October 2016, Uber paid a reported $100,000 ransom to hackers to conceal the breach and failed to report it, notify its customers, or inform the general public until November 21, 2017.

Contact a Personal Data Security Lawyer at Lieff Cabraser

If you are concerned that your information may have been compromised in the Uber data breach, or you have experienced identity theft or other action you think may be related to Uber’s data breach, we urge you to complete the contact form below today to submit your complaint.

Named Law360’s 2017 “Digital Privacy and Data Protection Practice Group of the Year,” our team of nationally-renowned consumer protection lawyers will review your case for free and with no obligation on your part.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Were you a driver or a customer?

If you know or suspect that your stolen Uber data was used to commit an identity crime, please describe your experience:

Please sign me up for your Consumer Law newsletter. Yes

Child Privacy Lawsuits

Apps

Class Actions Filed Against Walt Disney, Viacom, Kiloo, Sybo and Others, For Violations of the Privacy Rights of Children and their Parents

In July and August 2017, Lieff Cabraser filed class action lawsuits against several developers of children’s gaming apps and their software developer partners. These lawsuits allege that defendants unlawfully collected, used, and disseminated the personal information of children who played the gaming apps on smart phones, tablets, and other mobile devices. In June 2018, Lieff Cabraser filed amended complaints, which further detailed defendants’ unlawful behavior. These allegations cover some of the most popular child gaming apps: Nickelodeon’s Llama Spit Spit, Disney’s Princess Palace Pets, and Where’s My Water, and Kiloo’s Subway Surfers.

The lawsuits allege that children’s personal data is pulled from their devices using advertising tracking software. The app developers – including Kiloo, Disney, and Viacom, the parent company of Nickelodeon—license advertising software from software developers which they then embed in gaming apps marketed to children. When children download and play one of these games, the advertising tracking software gathers and sends children’s personal data to advertisers operating within vast advertising networks. The advertising networks may then improperly use that data to build detailed data profiles of the children playing the games in order to target them with advertising based upon their demographics and gaming and other online behavior. Gaming app developers and their advertising partners share in the revenue generated from this tracking behavior.

Below are descriptions of the defendants and their gaming apps included in these lawsuits.

If you suspect your child’s data might have been improperly acquired or used by a mobile game or app without your permission, please call us today at 1 800 541-7358 or use the form below. We welcome the opportunity to speak with you about the case.

The Improper Acquisition and Use of Children’s Data

In the online world, children are particularly vulnerable to companies that seek to profit from the collection and exchange of their private data. Parents and their children have a reasonable expectation of privacy in children’s online activity, which is why long-standing legal privacy protections exist to shield parents and their children from these intrusions, allow parents to maintain the privacy of their children, and provide the opportunity to raise their children as they see fit. By collecting personal information from unsuspecting children, without notice to or consent from their parents, Defendants have breached basic norms about how companies must conduct their business with children. These norms have existed in the bedrock of our society for centuries, and have been re-expressed time and again with the development of new technologies, such as motion pictures, radio, broadcast television, and cable television. For example, Congress recognized the offensiveness of the collection and commercial exploitation of children’s online data and behavior when it enacted the Children’s Online Privacy Protection Act.

Lieff Cabraser’s lawsuits seek to assist in protecting parents and their children from the unwanted collection and exploitation of children’s personal data, under time-honored laws protecting privacy: a California common law invasion of privacy claim, a California Constitution right of privacy claim, a California unfair competition claim, a New York General Business Law claim, a Massachusetts Unfair and Deceptive Trade Practices claim, and a Massachusetts statutory right to privacy claim.

The Gaming Apps

A. The Disney Lawsuit

Plaintiffs—parents on behalf of their children—allege that certain of Disney’s child gaming apps collect, use, and disseminate the personal information of the children playing those games.

The apps included in the complaint are Princess Palace Pets and the Where’s My Water apps (Where’s My Water?, Where’s My Water? 2, Where’s and My Water? Free/Lite).

The defendants in the lawsuit are Disney, the developer of these gaming apps, and the advertising software developers that had their software embedded within the gaming apps, including Upsight, Inc., Unity Technologies SF, Kochava, Inc., MoPub Inc. (owned by Twitter Inc.), and comScore, Inc. and Full Circle Studies Inc. The information collected, analyzed, and used allow Disney and its partners to track children’s activities for their own commercial gain.

B. The Viacom Lawsuit

Viacom, through its brand group Nickelodeon, develops and markets dozens of popular mobile apps for kids. Lieff Cabraser’s lawsuit alleges that in the app Llama Spit Spit, children’s personal information is collected from their personal devices without their or their parents’ knowledge or approval. This information is stored, analyzed, and used to allow Viacom and its partners to track children’s activities for their own commercial gain.

Also named as defendants in this lawsuit are advertising software developers that work with Viacom in these apps, including Upsight, Inc. and Unity Technologies SF.

C. The Subway Surfers Lawsuit

Defendants Kiloo A/S and Sybo ApS developed and market the hugely popular mobile app game Subway Surfers, a game marketed to and popular among children. Subway Surfers has more than a billion downloads worldwide. In its lawsuit against Kiloo and Sybo, Lieff Cabraser (on behalf of parents of child users of Subway Surfers) alleges that the Subway Surfers’ developers unlawfully collect and use children’s personal information from Subway Surfers in violation of privacy laws.

Also named as defendants in the lawsuit are advertising software developers that work with Kiloo and/or Sybo in these apps, including: AdColony, Chartboost, Flurry, Inc. and Oath Inc., InMobi Pte. Ltd, ironSource USA, Inc., Tapjoy, Inc., and Vungle, Inc.

Lieff Cabraser’s Work in Digital Privacy & Child Data Security

Lieff Cabraser is committed to helping parents protect their children, their privacy, and their children’s information in a world where electronic toys, mobile games, and digital devices with inherent security vulnerabilities are growing more and more pervasive. From voice-controlled home devices that can leak sensitive information to video-recording toys and interactive digital games whose data can be leaked or accessed improperly, our private data — and, in particular, children’s private information — faces a growing risk of exposure and improper sharing. An important part of our work protecting children and their data consists of ensuring that companies obey child data protection laws and take all the required steps to ensure that kids’ data remains secure and private.

Lieff Cabraser is similarly committed to ensuring that the fundamental right to privacy is respected and endures, even as technology evolves and society changes. Our cybersecurity attorneys possess extensive experience and the requisite technological background to successfully assert and litigate a comprehensive range of privacy claims.

We represent individuals and classes in precedent-setting cases impacting tens and even hundreds of millions of Americans against prominent technology, social media, and entertainment companies for violations of digital privacy rights and the failure to protect critically-sensitive personal, employee, and child data.

Lieff Cabraser partner Michael W. Sobol, chair of the firm’s Cybersecurity practice group, was named a Top California Cybersecurity Lawyer for 2018. In 2017, Sobol was selected by Law360 as an “MVP” for Cybersecurity and Privacy, and by the National Law Journal as a “Cybersecurity and Data Privacy Trailblazer.” Law360 named Lieff Cabraser’s Cybersecurity group as its 2017 “Practice Group of the Year” for Digital Privacy and Data Protection, and selected our firm as one of six “California Powerhouse” firms for litigation, the only plaintiffs’ firm so honored.

Contact a Privacy Lawyer at Lieff Cabraser


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please provide any details or concerns about your child's game and app use:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes

Hello Kitty SanrioTown

Data security digital privacy

Hackers have obtained information on more than 3 million people who use Hello Kitty websites including SanrioTown.com, hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com. The hackers obtained names, birth dates, genders, and email addresses. Even worse, the disclosure includes lightly-protected passwords, as well as the forgotten password questions and answers.

Why Many Allege that Sanrio is Liable

The Hello Kitty websites are operated by Tokyo-based Sanrio Company. Organizations such as Sanrio that hold personally identifiable information — particularly when it relates to children — owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused.

Lieff Cabraser represents parents in nationwide class action lawsuits against device, app, and software creators for compromised and stolen personal data, including children’s private personal data, in the wake of serious failures to properly secure the data. If you fear your child’s private data was stolen or misused as a result of the Hello Kitty data breach, we would welcome a chance to talk to you about your legal rights. There is no charge or obligation for our review of your case.

First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please provide any details of your child's use of SanrioTown and Hello Kitty online digital products:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes

VTech Child Data Breach

Online privacy protection and data breach

Lieff Cabraser represents parents in a nationwide class action lawsuit against VTech arising after their children’s private personal information was obtained by hackers in the wake of VTech’s alleged failure to take reasonable precautions to secure the children’s data. The stolen information includes the children’s names, birthdates, images, email addresses, and home addresses. VTech acknowledges that data relating to more than 2.8 million children was stolen in the attack.

Background to the VTech Child Data Breach Case

VTech is a leading manufacturer and distributor of digital learning toys. Their products allow children to browse the Internet and communicate with each other. Parents can also download educational content for their children, including learning games and e-books.The information VTech requires from its users links parents to their children — this means, among other things, that VTech has a child’s physical address linked to his or her picture and name. Plaintiffs allege that, given the highly sensitive nature of the information VTech requires from its customers, keeping this information secure and private is essential to ensure each child’s safety.

Plaintiffs also allege that reasonable parents would never knowingly purchase a product or service that would compromise their child’s safety by exposing the child’s picture, name, date of birth, and address to the world. Indeed, VTech at all times represented that it kept its data secure. Despite these representations, VTech failed to take reasonable security precautions. Its product was vulnerable to what is known as a Structured Query Language (“SQL”) “injection attack,” which security experts explain exploits “the very first type of flaw that should be eliminated from any Web application.”

On November 14, 2015, hackers obtained personal information from more than 2.8 million children in the United States, as well as their parents. VTech confirmed and admitted that an “unauthorized party accessed VTech customer data.” In a statement released a few days later, VTech stated that the database contained profile information including names, email addresses, download history, passwords and mailing addresses. The database also included information on young children, including their names, genders and birthdates.

Relief Sought in the VTech Data Breach Case

Lieff Cabraser represents the parents of two children on behalf of themselves and others similarly situated seeking injunctive relief to compel VTech to implement adequate security, damages to compensate purchasers for the significant personal security costs they must now incur, damages because consumers purchased products that were in reality worth much less than their advertised value, and equitable relief including disgorgement of wrongful profits.

The parents and those like them now face costs, including out-of-pocket expenses, associated with the prevention, detection, and recovery from identity theft. There are also lost opportunity costs associated with effort expended and the loss of productivity from addressing and attempting to mitigate the actual and future consequences of the breach, including but not limited to efforts spent researching how to prevent, detect, contest and recover from identity data misuse.

Finally, these children and their parents face continued risk to their personal identity information, which remains in VTech’s possession and is subject to further breaches so long as VTech fails to undertake appropriate measures to protect the personal data in their possession.

Contact a Digital Privacy and Data Security Lawyer at Lieff Cabraser

If you have purchased a VTech digital learning toy for your children please use the form below to contact a data security attorney at Lieff Cabraser about the safety of your information and your rights. Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes, and we represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive personal data.

We will review your case without charge or obligation. Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.

Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

What VTech digital learning product did you purchase?

Please describe your concerns about Turn's tracking and privacy and your Verizon smartphone or tablet:

Please sign me up for your Consumer Law newsletter. Yes

Experian Data Breach

Abstract program code

Experian T-Mobile Data Breach Investigation

In the wake of news that at least one hacker has acquired the Experian personal and financial records of 15 million T-Mobile customers and other credit applicants, Lieff Cabraser is investigating consumer complaints that Experian may have failed to adequately safeguard and secure the financial and personal records of its consumers.

Consumer concern is elevated both because of the potential depth of financial information affected, and the length of the breach itself — which is reported to have gone on for two years.

In addition to personal information for approximately 15 million customers and T-Mobile service applicants, the data is also reported to have included information on applicants requiring a credit check for service or device financing from Sept. 1, 2013 through Sept. 16, 2015, Experian North America said in a statement.

In a letter to consumers, T-Mobile CEO John Legere said, “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian.”

While Experian claims to have taken immediate action upon finding the breach, it noted that the stolen data included names, dates of birth, addresses, and Social Security numbers.

Why Experian May Be Liable for the Data Breach

Organizations that hold personally identifiable information, and in particular confidential personal financial information, owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused. It is unknown at this time how the breach could have continued for so long without Experian knowing about it or taking action to protect its customers.

Contact National Personal Data Security Attorneys

If you are a T-Mobile user or applicant and have experienced identity theft or other action you think may be related to Experian’s data breach, we urge you to complete the contact form below to submit your complaint concerning Experian’s alleged failure to properly safeguard your confidential information. There is no charge or obligation for our review of your case.

We agree to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law. Please describe your complaint.Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.

First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

If you know or suspect that your stolen confidential personal/financial Experian data was used to commit an identity crime, please describe your experience::

Please sign me up for your Consumer Law newsletter. Yes

LinkedIn “Add Connections”

Abstract program code

Issue: Unauthorized use of identity
Result: $13 million settlement
Year: 2016

Lieff Cabraser represented individual members of LinkedIn, the online business and social networking site, who without their consent or authorization had their names and likenesses used by LinkedIn in reminder emails to those members’ contacts asking that they join LinkedIn.

The complaint specifically challenged LinkedIn’s use of a service it called “Add Connections.” Add Connections allowed LinkedIn members to import contacts from their external email accounts and email connection invitations to one or more of those contacts inviting them to connect on LinkedIn. If an Add Connections invitation was not accepted within a certain period of time, up to two “reminder emails” were sent reminding the recipient that the Add Connections invitation was pending.

U.S. District Judge Lucy H. Koh found that while LinkedIn members initially consented to importing their contacts and sending the Add Connections invitation, members had not consented to LinkedIn sending the two subsequent reminder emails.

Court Grants Final Approval to Settlement

In mid-2015, the parties notified the Court that they had reached a settlement and, on February 16, 2016, the Court granted final approval to a $13 million settlement, one of the largest per-class member settlements in a digital privacy class action. Moreover, LinkedIn agreed to make significant changes to Add Connections disclosures and functionality. Specifically, LinkedIn revised disclosures to real-time permission screens presented to LinkedIn members using Add Connections, and implemented new functionality allowing LinkedIn members to manage their contacts, including viewing and deleting contacts and sending invitations, and to stop reminder emails from being sent if members inadvertently sent out Add Connections invitations to non-members.

The settlement class consists of LinkedIn members who used Add Connections between September 17, 2011 and October 31, 2014. The settlement amount constitutes one of the largest per-class member settlements in a digital privacy class action.

Further details on the settlement, including information for settlement class members on how to submit a claim and important upcoming deadlines, can be found at AddConnectionsSettlement.com.

Google Message Scanning

Apps

Year:  2018
Result:  $2.2 million settlement

In Matera v. Google Inc., No. 5:15-cv-04062 (N.D. Cal.), Lieff Cabraser represented consumers in a digital privacy class action against Google Inc. over claims the popular Gmail service scanned outgoing user email messages to build marketing profiles and serve targeted ads.

The complaint alleged that Google routinely scanned email messages that were sent to non-Gmail users by Gmail subscribers, analyzed the content of those messages, and then shared that data with third parties in order to target ads to Gmail users, an invasion of privacy that violated the California Invasion of Privacy Act and the federal Electronic Communications Privacy Act.

In February 2018, the Court granted final approval to a $2.2 million settlement of the action. Under the settlement, Google made business-related changes to its Gmail service, as part of which, Google will no longer scan the contents of emails sent to Gmail accounts for advertising purposes, whether during the transmission process or after the emails have been delivered to the Gmail user’s inbox. The proposed changes, which will not apply to scanning performed to prevent the spread of spam or malware, will run for at least three years.

Lawyers Dedicated to Preserving Privacy

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves.Our attorneys possess extensive experience and the requisite technological background to successfully assert and litigate all manner of privacy claims. We represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive employee data.