Digital Privacy & Data Protection

COPPA Class Action Child Data Protection Lawsuits

Apps

Class Actions Filed Against The Walt Disney Company & Viacom, Others, For Violation of Child Privacy Laws

On August 7, 2017 and August 3, 2017, Lieff Cabraser and co-counsel filed federal class action lawsuits against The Walt Disney Company and against Viacom, respectively, alleging that Disney and Viacom violate state and federal privacy protection laws by exporting children’s personal information from mobile games aimed at children to advertising networks without the parental consent required by federal and state law.

If you suspect your child’s data may have been improperly acquired or used by a smartphone game or app in violation of COPPA and other consumer protection or privacy laws, please call us today at 1 800 541-7358 or use the form below. We welcome the opportunity to speak with you about the case.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please provide any details or concerns about your child's game and app use:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes
Please leave this field empty.


 VIDEO: USA Today, “Disney Sued for Reportedly Tracking
Children Through Mobile Games Illegally”

Lawsuit Against Kiloo & Sybo Over Subway Surfers Child Privacy Violations

Earlier, on July 31, 2017, we filed a separate class action lawsuit alleging that popular mobile app game Subway Surfers similarly violates privacy protection laws in the export of children’s personal information to advertising networks, again without obtaining required parental consent. That suit was brought against Kiloo ApS and Sybo ApS, the Danish companies that developed Subway Surfers. The game, directed to children under 13 years of age, has more than a billion downloads and is one of the most played games worldwide.

Apps & Games Exposing Kids to Illegal Data Gathering and Invasion of Privacy

The suit also alleges that certain other Kiloo or Sybo game apps also violate privacy laws. The other games referenced in the complaint are Frisbee Forever, Frisbee Forever 2, Spellbinders, Smash Champs, Tesla Tubes, Storm Blades, and Blades of Brim. Also named as defendants in the suit are the companies that embedded software in Subway Surfers to collect and export the children’s personal information. These defendant ad tech companies are AdColony, Chartboost, Flurry, Inc. and Altaba Inc., InMobi Inc. and InMobi Pte. Ltd, Ironsource Ltd. and Ironsource USA, Inc., Tapjoy, Inc. and Vungle, Inc. Plaintiffs allege that Kiloo and Sybo allowed ad tech companies to embed their tracking software into their gaming apps to collect, use, and disclose their children’s personal data in order to target them with advertisements.

What is The Children’s Online Privacy Protection Act (“COPPA”)

In 1999, Congress enacted the Children’s Online Privacy Protection Act (“COPPA”) to protect the safety and privacy of children online, and the autonomy of their parents, by providing parents the means to halt developers and third-party advertisers from snooping on and profiting from their children.

Many parents do not know that countless web and smartphone apps, including those created for children, are engineered to unlawfully exploit and commercialize underage users’ activity through hidden tracking technologies. As alleged in the complaint, these technologies unlawfully and surreptitiously collect and send data, including the users’ personal information, from the mobile device or tablet to third-parties. App developers and other third-parties then reap millions of dollars in profit from this personal information through lucrative targeted advertising.

Third Party Ad Networks May Be Improperly Accessing Your Child’s Data

COPPA requires app makers and site owners to strongly restrict the use of all information taken from and about child users 13 and younger. In addition to expressly requiring parental consent for all data, there are significant restrictions on the types and methods of marketing that can be made towards child users and leveraging those users’ data. These restrictions apply not just to app creators and site owners, but to any third-party networks and vendors that might place cookies in apps and sites to harvest and aggregate child data.

Child Privacy Data Breaches Are On The Rise

Recent widespread media reports highlight privacy dangers in child toys, including the exposure of voice recordings in toy pets and child info leaked from mobile app toys and games. Child data exposure dangers are unfortunately real, and increasing vigilance is required of parents as their kids’ info is improperly acquired or child data is leaked or improperly taken online.

Is My Child’s Data Safe?

Security issues and flaws relating to apps and Internet-connected children’s toys and games are also on the rise. Lawsuits allege that, in 2015, more than 6 million children’s names, ages, and genders were disclosed along with other related information when the leading manufacturer and distributor of digital learning toys, V-Tech, suffered a simple but devastating hack to its databases. A similar attack on allegedly insecure data stores affected Hello Kitty’s San Rio Town online in late 2015 as well.

Children’s data is increasingly vulnerable to improper acquisition and misuse. Many feel app makers have neglected their duties to safeguard the personal information of kids who are the consumers of the products they develop and distribute. A child’s name, age, location, birthdate, spoken language, and gender can be harvested easily, then misused for overreaching or inappropriate marketing purposes, all in violation of COPPA privacy laws. There are other risks as well– this data becomes even more valuable as the children grow up, and a hacker can hold on to this identifying information and use it when the child becomes an adult to cause harm via identity-based theft and related financial fraud.

Lieff Cabraser’s Work in Digital Privacy & Child Data Security

Lieff Cabraser is committed to helping parents protect their children, their privacy, and their children’s information in a world where electronic toys and games and digital devices with inherent security vulnerabilities are growing more and more pervasive. From voice-controlled home devices that can leak sensitive information to videorecording toys and interactive digital games whose data can be leaked or accessed improperly, our private data — and in particular private child information — faces a growing risk of exposure and improper sharing. An important part of our work protecting children and their data consists of ensuring that companies obey child data protection laws and take all the required steps to ensure that kids’ data remains secure and private.

Our attorneys possess extensive experience and the requisite technological background to successfully assert and litigate all manner of privacy claims. We represent individuals in precedent-setting cases impacting hundreds of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights, data overreaching, and the failure to protect critically-sensitive information.

Hello Kitty SanrioTown

Data security digital privacy

Hackers have obtained information on more than 3 million people who use Hello Kitty websites including SanrioTown.com, hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com. The hackers obtained names, birth dates, genders, and email addresses. Even worse, the disclosure includes lightly-protected passwords, as well as the forgotten password questions and answers.

Why Many Allege that Sanrio is Liable

The Hello Kitty websites are operated by Tokyo-based Sanrio Company. Organizations such as Sanrio that hold personally identifiable information — particularly when it relates to children — owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused.

Lieff Cabraser represents parents in nationwide class action lawsuits against device, app, and software creators for compromised and stolen personal data, including children’s private personal data, in the wake of serious failures to properly secure the data. If you fear your child’s private data was stolen or misused as a result of the Hello Kitty data breach, we would welcome a chance to talk to you about your legal rights. There is no charge or obligation for our review of your case.

First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please provide any details of your child's use of SanrioTown and Hello Kitty online digital products:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes
Please leave this field empty.

VTech Child Data Breach

Online privacy protection and data breach

Lieff Cabraser represents parents in a nationwide class action lawsuit against VTech arising after their children’s private personal information was obtained by hackers in the wake of VTech’s alleged failure to take reasonable precautions to secure the children’s data. The stolen information includes the children’s names, birthdates, images, email addresses, and home addresses. VTech acknowledges that data relating to more than 2.8 million children was stolen in the attack.

Background to the VTech Child Data Breach Case

VTech is a leading manufacturer and distributor of digital learning toys. Their products allow children to browse the Internet and communicate with each other. Parents can also download educational content for their children, including learning games and e-books.The information VTech requires from its users links parents to their children — this means, among other things, that VTech has a child’s physical address linked to his or her picture and name. Plaintiffs allege that, given the highly sensitive nature of the information VTech requires from its customers, keeping this information secure and private is essential to ensure each child’s safety.

Plaintiffs also allege that reasonable parents would never knowingly purchase a product or service that would compromise their child’s safety by exposing the child’s picture, name, date of birth, and address to the world. Indeed, VTech at all times represented that it kept its data secure. Despite these representations, VTech failed to take reasonable security precautions. Its product was vulnerable to what is known as a Structured Query Language (“SQL”) “injection attack,” which security experts explain exploits “the very first type of flaw that should be eliminated from any Web application.”

On November 14, 2015, hackers obtained personal information from more than 2.8 million children in the United States, as well as their parents. VTech confirmed and admitted that an “unauthorized party accessed VTech customer data.” In a statement released a few days later, VTech stated that the database contained profile information including names, email addresses, download history, passwords and mailing addresses. The database also included information on young children, including their names, genders and birthdates.

Relief Sought in the VTech Data Breach Case

Lieff Cabraser represents the parents of two children on behalf of themselves and others similarly situated seeking injunctive relief to compel VTech to implement adequate security, damages to compensate purchasers for the significant personal security costs they must now incur, damages because consumers purchased products that were in reality worth much less than their advertised value, and equitable relief including disgorgement of wrongful profits.

The parents and those like them now face costs, including out-of-pocket expenses, associated with the prevention, detection, and recovery from identity theft. There are also lost opportunity costs associated with effort expended and the loss of productivity from addressing and attempting to mitigate the actual and future consequences of the breach, including but not limited to efforts spent researching how to prevent, detect, contest and recover from identity data misuse.

Finally, these children and their parents face continued risk to their personal identity information, which remains in VTech’s possession and is subject to further breaches so long as VTech fails to undertake appropriate measures to protect the personal data in their possession.

Contact a Digital Privacy and Data Security Lawyer at Lieff Cabraser

If you have purchased a VTech digital learning toy for your children please use the form below to contact a data security attorney at Lieff Cabraser about the safety of your information and your rights. Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes, and we represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive personal data.

We will review your case without charge or obligation. Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.

Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

What VTech digital learning product did you purchase?

Please describe your concerns about Turn's tracking and privacy and your Verizon smartphone or tablet:

Please sign me up for your Consumer Law newsletter. Yes
Please leave this field empty.

Experian Data Breach

Abstract program code

Experian T-Mobile Data Breach Investigation

In the wake of news that at least one hacker has acquired the Experian personal and financial records of 15 million T-Mobile customers and other credit applicants, Lieff Cabraser is investigating consumer complaints that Experian may have failed to adequately safeguard and secure the financial and personal records of its consumers.

Consumer concern is elevated both because of the potential depth of financial information affected, and the length of the breach itself — which is reported to have gone on for two years.

In addition to personal information for approximately 15 million customers and T-Mobile service applicants, the data is also reported to have included information on applicants requiring a credit check for service or device financing from Sept. 1, 2013 through Sept. 16, 2015, Experian North America said in a statement.

In a letter to consumers, T-Mobile CEO John Legere said, “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian.”

While Experian claims to have taken immediate action upon finding the breach, it noted that the stolen data included names, dates of birth, addresses, and Social Security numbers.

Why Experian May Be Liable for the Data Breach

Organizations that hold personally identifiable information, and in particular confidential personal financial information, owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused. It is unknown at this time how the breach could have continued for so long without Experian knowing about it or taking action to protect its customers.

Contact National Personal Data Security Attorneys

If you are a T-Mobile user or applicant and have experienced identity theft or other action you think may be related to Experian’s data breach, we urge you to complete the contact form below to submit your complaint concerning Experian’s alleged failure to properly safeguard your confidential information. There is no charge or obligation for our review of your case.

We agree to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law. Please describe your complaint.Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.

First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

If you know or suspect that your stolen confidential personal/financial Experian data was used to commit an identity crime, please describe your experience::

Please sign me up for your Consumer Law newsletter. Yes
Please leave this field empty.

LinkedIn “Add Connections”

Abstract program code

Issue: Unauthorized use of identity
Result: $13 million settlement
Year: 2016

Lieff Cabraser represented individual members of LinkedIn, the online business and social networking site, who without their consent or authorization had their names and likenesses used by LinkedIn in reminder emails to those members’ contacts asking that they join LinkedIn.

The complaint specifically challenged LinkedIn’s use of a service it called “Add Connections.” Add Connections allowed LinkedIn members to import contacts from their external email accounts and email connection invitations to one or more of those contacts inviting them to connect on LinkedIn. If an Add Connections invitation was not accepted within a certain period of time, up to two “reminder emails” were sent reminding the recipient that the Add Connections invitation was pending.

U.S. District Judge Lucy H. Koh found that while LinkedIn members initially consented to importing their contacts and sending the Add Connections invitation, members had not consented to LinkedIn sending the two subsequent reminder emails.

Court Grants Final Approval to Settlement

In mid-2015, the parties notified the Court that they had reached a settlement and, on February 16, 2016, the Court granted final approval to a $13 million settlement, one of the largest per-class member settlements in a digital privacy class action. Moreover, LinkedIn agreed to make significant changes to Add Connections disclosures and functionality. Specifically, LinkedIn revised disclosures to real-time permission screens presented to LinkedIn members using Add Connections, and implemented new functionality allowing LinkedIn members to manage their contacts, including viewing and deleting contacts and sending invitations, and to stop reminder emails from being sent if members inadvertently sent out Add Connections invitations to non-members.

The settlement class consists of LinkedIn members who used Add Connections between September 17, 2011 and October 31, 2014. The settlement amount constitutes one of the largest per-class member settlements in a digital privacy class action.

Further details on the settlement, including information for settlement class members on how to submit a claim and important upcoming deadlines, can be found at AddConnectionsSettlement.com.

Google Message Scanning

Apps

Lieff Cabraser is investigating claims that Google routinely scans email messages that are sent by non-Gmail users to Gmail users, analyzes the content of those messages and then shares it with third parties in order to target ads to Gmail users. Consumers who are not Gmail users feel that since they have never consented to this kind of use of their private information by Google, this alleged usage by Google constitutes a manifest violation of their privacy.

Lawyers Dedicated to Preserving Privacy

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves.Our attorneys possess extensive experience and the requisite technological background to successfully assert and litigate all manner of privacy claims. We represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive employee data.

Contact us

If you have a non-Gmail account that you have used to send messages to Gmail users, your messages may well have been scanned and the information therein shared with third parties in order to create targeted advertising in a violation of your privacy rights. We welcome the opportunity to review your case and assist you in protecting your digital privacy.Please use the form below to contact an attorney at Lieff Cabraser or call us toll-free and ask to speak to Lieff Cabraser attorney Nick Diamand at 1 888 321-1510. There is no charge or obligation for our review of your complaint.

Excellus and Lifetime Healthcare Data Hack and Digital Privacy Complaints

Abstract program code

Lieff Cabraser represents New Yorkers and persons across America in lawsuits against health care providers for allegedly failing to safeguard and secure the medical records and other personally identifiable information of their members.

On September 9, 2015, Excellus BlueCross BlueShield revealed that one month earlier, its confidential patient medical records and those of its affiliates with the Lifetime Healthcare Companies were breached and hackers may have accessed the personal information of more than 10 million customers. The theft includes names, birth dates, social security numbers, billing information, and highly confidential health information.

We are investing complaints that Excellus BlueCross BlueShield and the Lifetime Healthcare Companies violated their duties to safeguard and protect consumers’ personal information, and their duties to disclose the breach to consumers in a timely manner.

Contact Lieff Cabraser

Excellus BlueCross and BlueShield members who wish to report their experiences or learn more about the data hack can contact Lieff Cabraser using the form below. We will review your claim for free and with no obligation on your part. The information you provide will be kept confidential.

AT&T NSA Surveillance

Online privacy protection and data breach

Year: 2008
Result: Congress passed law which granted immunity to AT&T

Hepting v. AT&T

Working closely with our co-counsel the Electronic Frontier Foundation, Lieff Cabraser played a leading role in the litigation against AT&T for assisting the National Security Agency to wiretap and data-mine Americans’ communications.

Plaintiffs alleged that AT&T collaborated with the NSA in a massive warrantless surveillance program that illegally tracked domestic and foreign communications — both by telephone and the internet — along with detailed records about millions of customer communications, in violation of the U.S. Constitution, the Electronic Communications Privacy Act, and other statutes.

The case was filed in January 2006. The U.S. government quickly intervened and sought dismissal. By the Spring of 2006, over 50 other lawsuits were filed against various telecommunications companies, in response to a USA Today article confirming that the NSA had been “secretly collection the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth.” The cases were combined into a multi-district litigation proceeding entitled In re National Security Agency Telecommunications Record Litigation, MDL No. 06-1791.

In June of 2006, the District Court rejected both the government’s attempt to dismiss the case on the grounds of the state secret privilege and AT&T’s arguments in favor of dismissal.

The government and AT&T appealed the decision and the U.S. Court of Appeals for the Ninth Circuit heard argument one year later. No decision was issued.

In July 2008, Congress granted the government and AT&T “retroactive immunity” for liability for their wiretapping program under amendments to the Foreign Intelligence Surveillance Act that were drafted in response to this litigation. Signed into law by President Bush in 2008, the amendments effectively terminated the litigation.

CGI Group Data Breach

Data security digital privacy

Issue: Failure to safeguard confidential records

Lieff Cabraser represents individuals in class action litigation against CGI Group, Inc. and CGI Federal, Inc. (collectively “CGI”) for allegedly facilitating a data breach affecting more than 1,000 U.S. citizens.

The U.S. government contracts with CGI to manage all U.S. passport application activities. Passport applicants must provide their name, date of birth, city of birth, state of birth, country of birth, social security number, sex, height, hair color, eye color, occupation, and evidence of U.S. citizenship, such as a previously issued U.S. passport, or U.S. birth certificate.

Between 2010 and May 2, 2015, CGI employees allegedly stole and sold personal information of passport applicants to cybercriminals. The mass identity theft allowed cybercriminals to use stolen information to buy cell phones and computers, and to obtain lines of credit. The complaint alleges that CGI failed to fulfill its legal duty to protect customers’ sensitive personal and financial information.

Contact us

Individuals who know or suspect that CGI employees appropriated their private personal data are invited to contact Lieff Cabraser by calling us toll-free at 1 800 541-7358 or by using the form below. We will review your claim for free and with no obligation on your part. The information you provide will be kept confidential.

Anthem Data Breach

Data security digital privacy

Issue: Failure to safeguard confidential patient records

Lieff Cabraser partner Michael W. Sobol serves on the Plaintiffs’ Steering Committee in litigation against health insurance giant Anthem, Inc., for Anthem’s failure to implement and abide by standard security protocols, which resulted in a massive 2015 data breach involving identifiable personal information and health information belonging to over 80 million of Anthem’s members.

Because insurers like Anthem collect and store highly sensitive information as part of their business practices, they must ensure that such information is properly safeguarded and shielded from cybercriminals.

Anthem Privacy Breach

Anthem’s customer database was allegedly attacked by international hackers on December 10, 2014. Anthem says it discovered the breach on January 27, 2015, and reported it about a week later on February 4, 2015.

The scale of the breach is massive. The personal information of nearly 80 million may have been compromised. The theft includes names, birth dates, social security numbers, billing information, and highly confidential health information.

Why Anthem Is Liable For The Data Security Breach

Organizations that hold personally identifiable information, and in particular confidential personal health information, owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused.

The Anthem class action complaint charges that Anthem was on notice about the weaknesses in its computer security defenses for at least a year before the breach occurred. According to a September 2013 audit, the U.S. Office of Personnel Management’s Inspector General found vulnerabilities that could provide “a gateway for malicious virus and hacking activity that could lead to data breaches.” The complaint charges that Anthem violated its duty to safeguard and protect consumers’ personal information, and violated its duty to disclose the breach to consumers in a timely manner.

Contact Lieff Cabraser

If you received your health care from Anthem, including Blue Cross and Blue Shield, please complete the contact form below to contact Lieff Cabraser to submit your complaint concerning Anthem’s failures to safeguard your confidential information. There is no charge or obligation for our review of your case.

First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes
Please leave this field empty.