Digital Privacy & Data Protection

Yahoo Data Breach

Online privacy protection and data breach

Issue: Failure to safeguard user accounts & information

In September 2016, numerous reports arose that internet giant Yahoo had suffered an extensive security breach relating to the accounts of hundreds of millions of users. Yahoo itself confirmed that hackers had obtained access to 500 million accounts, and at least one was selling account access information online. The stolen data includes user names, easily decrypted passwords, security questions, and personal information like birth dates and other email addresses (information that can be used as keys to decode user passwords and access pathways to other services and companies unrelated to Yahoo).

Contact National Digital Privacy Lawyers

Lieff Cabraser’s digital privacy lawyers represent millions of individuals in class action lawsuits against major internet business, service, and data storage providers involving allegations of insufficient and negligent data control and protection practices. For more information about Lieff Cabraser’s digital privacy cases, click here. If you suspect you may have suffered as a result of the reported Yahoo data breach, please contact us at 1 800 541-7358 or via the form below. The information you provide may help hold Yahoo accountable for any problems or errors in its data control and user protection practices.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes
Please leave this field empty.

21st Century Oncology Patient Data Breach

Online privacy protection and data breach

Issue: Failure to safeguard patient data records

Lieff Cabraser is investigating consumer complaints about the recent 21st Century Oncology patient data breach. Lieff Cabraser represents patients and consumers nationwide in class action lawsuits against insurance, media, medical, and other companies arising out of previous data breaches alleged to have been possible only because the companies involved did not maintain the security of patient and other data at industry standards.

Fort-Myers based cancer-care giant 21st Century Oncology is reporting that on October 3rd of last year, records of 2.2 million patients was accessed by unauthorized third parties. The accessed information may have included patient names, Social Security numbers, physician names, diagnosis and treatment data and insurance information, according to the company. The company says it has no evidence that medical records were accessed, and the FBI had asked them to remain silent about the breach when it notified them of it in November 2015.

As reported by The News-Press, news of the breach follows two other recent major public relations blows for the company: a $19.75 million whistle-blower settlement in December related to claims of improper billing for bladder cancer tests and a $34.7 million settlement announced Tuesday related to claims of improper radiation testing.

Contact Lieff Cabraser

If you have suffered or are concerned about identity theft related to the 21st Century Oncology October 2015 data breach, please use the form below to contact a data security attorney at Lieff Cabraser about the safety of your information and your rights. Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes, and we represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive personal data.

First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please describe your experience with or concerns about the 21st Century Oncology patient data breach.

Please sign me up for your Consumer Law newsletter. Yes
Please leave this field empty.

Hello Kitty SanrioTown

Data security digital privacy

Hackers have obtained information on more than 3 million people who use Hello Kitty websites including SanrioTown.com, hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com. The hackers obtained names, birth dates, genders, and email addresses. Even worse, the disclosure includes lightly-protected passwords, as well as the forgotten password questions and answers.

Why Many Allege that Sanrio is Liable

The Hello Kitty websites are operated by Tokyo-based Sanrio Company. Organizations such as Sanrio that hold personally identifiable information — particularly when it relates to children — owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused.

Lieff Cabraser represents parents in nationwide class action lawsuits against device, app, and software creators for compromised and stolen personal data, including children’s private personal data, in the wake of serious failures to properly secure the data. If you fear your child’s private data was stolen or misused as a result of the Hello Kitty data breach, we would welcome a chance to talk to you about your legal rights. There is no charge or obligation for our review of your case.

First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please provide any details of your child's use of SanrioTown and Hello Kitty online digital products:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes
Please leave this field empty.

VTech Child Data Breach

Online privacy protection and data breach

Lieff Cabraser represents parents in a nationwide class action lawsuit against VTech arising after their children’s private personal information was obtained by hackers in the wake of VTech’s alleged failure to take reasonable precautions to secure the children’s data. The stolen information includes the children’s names, birthdates, images, email addresses, and home addresses. VTech acknowledges that data relating to more than 2.8 million children was stolen in the attack.

Background to the VTech Child Data Breach Case

VTech is a leading manufacturer and distributor of digital learning toys. Their products allow children to browse the Internet and communicate with each other. Parents can also download educational content for their children, including learning games and e-books.The information VTech requires from its users links parents to their children — this means, among other things, that VTech has a child’s physical address linked to his or her picture and name. Plaintiffs allege that, given the highly sensitive nature of the information VTech requires from its customers, keeping this information secure and private is essential to ensure each child’s safety.

Plaintiffs also allege that reasonable parents would never knowingly purchase a product or service that would compromise their child’s safety by exposing the child’s picture, name, date of birth, and address to the world. Indeed, VTech at all times represented that it kept its data secure. Despite these representations, VTech failed to take reasonable security precautions. Its product was vulnerable to what is known as a Structured Query Language (“SQL”) “injection attack,” which security experts explain exploits “the very first type of flaw that should be eliminated from any Web application.”

On November 14, 2015, hackers obtained personal information from more than 2.8 million children in the United States, as well as their parents. VTech confirmed and admitted that an “unauthorized party accessed VTech customer data.” In a statement released a few days later, VTech stated that the database contained profile information including names, email addresses, download history, passwords and mailing addresses. The database also included information on young children, including their names, genders and birthdates.

Relief Sought in the VTech Data Breach Case

Lieff Cabraser represents the parents of two children on behalf of themselves and others similarly situated seeking injunctive relief to compel VTech to implement adequate security, damages to compensate purchasers for the significant personal security costs they must now incur, damages because consumers purchased products that were in reality worth much less than their advertised value, and equitable relief including disgorgement of wrongful profits.

The parents and those like them now face costs, including out-of-pocket expenses, associated with the prevention, detection, and recovery from identity theft. There are also lost opportunity costs associated with effort expended and the loss of productivity from addressing and attempting to mitigate the actual and future consequences of the breach, including but not limited to efforts spent researching how to prevent, detect, contest and recover from identity data misuse.

Finally, these children and their parents face continued risk to their personal identity information, which remains in VTech’s possession and is subject to further breaches so long as VTech fails to undertake appropriate measures to protect the personal data in their possession.

Contact a Digital Privacy and Data Security Lawyer at Lieff Cabraser

If you have purchased a VTech digital learning toy for your children please use the form below to contact a data security attorney at Lieff Cabraser about the safety of your information and your rights. Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes, and we represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive personal data.

We will review your case without charge or obligation. Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.

Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.

First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

What VTech digital learning product did you purchase?

Please describe your concerns about Turn's tracking and privacy and your Verizon smartphone or tablet:

Please sign me up for your Consumer Law newsletter. Yes
Please leave this field empty.

Experian Data Breach

Abstract program code

Experian T-Mobile Data Breach Investigation

In the wake of news that at least one hacker has acquired the Experian personal and financial records of 15 million T-Mobile customers and other credit applicants, Lieff Cabraser is investigating consumer complaints that Experian may have failed to adequately safeguard and secure the financial and personal records of its consumers.

Consumer concern is elevated both because of the potential depth of financial information affected, and the length of the breach itself — which is reported to have gone on for two years.

In addition to personal information for approximately 15 million customers and T-Mobile service applicants, the data is also reported to have included information on applicants requiring a credit check for service or device financing from Sept. 1, 2013 through Sept. 16, 2015, Experian North America said in a statement.

In a letter to consumers, T-Mobile CEO John Legere said, “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian.”

While Experian claims to have taken immediate action upon finding the breach, it noted that the stolen data included names, dates of birth, addresses, and Social Security numbers.

Why Experian May Be Liable for the Data Breach

Organizations that hold personally identifiable information, and in particular confidential personal financial information, owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused. It is unknown at this time how the breach could have continued for so long without Experian knowing about it or taking action to protect its customers.

Contact National Personal Data Security Attorneys

If you are a T-Mobile user or applicant and have experienced identity theft or other action you think may be related to Experian’s data breach, we urge you to complete the contact form below to submit your complaint concerning Experian’s alleged failure to properly safeguard your confidential information. There is no charge or obligation for our review of your case.

We agree to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law. Please describe your complaint.Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.

First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

If you know or suspect that your stolen confidential personal/financial Experian data was used to commit an identity crime, please describe your experience::

Please sign me up for your Consumer Law newsletter. Yes
Please leave this field empty.

LinkedIn “Add Connections”

Abstract program code

Issue: Unauthorized use of identity
Result: $13 million settlement
Year: 2016

Lieff Cabraser represented individual members of LinkedIn, the online business and social networking site, who without their consent or authorization had their names and likenesses used by LinkedIn in reminder emails to those members’ contacts asking that they join LinkedIn.

The complaint specifically challenged LinkedIn’s use of a service it called “Add Connections.” Add Connections allowed LinkedIn members to import contacts from their external email accounts and email connection invitations to one or more of those contacts inviting them to connect on LinkedIn. If an Add Connections invitation was not accepted within a certain period of time, up to two “reminder emails” were sent reminding the recipient that the Add Connections invitation was pending.

U.S. District Judge Lucy H. Koh found that while LinkedIn members initially consented to importing their contacts and sending the Add Connections invitation, members had not consented to LinkedIn sending the two subsequent reminder emails.

Court Grants Final Approval to Settlement

In mid-2015, the parties notified the Court that they had reached a settlement and, on February 16, 2016, the Court granted final approval to a $13 million settlement, one of the largest per-class member settlements in a digital privacy class action. Moreover, LinkedIn agreed to make significant changes to Add Connections disclosures and functionality. Specifically, LinkedIn revised disclosures to real-time permission screens presented to LinkedIn members using Add Connections, and implemented new functionality allowing LinkedIn members to manage their contacts, including viewing and deleting contacts and sending invitations, and to stop reminder emails from being sent if members inadvertently sent out Add Connections invitations to non-members.

The settlement class consists of LinkedIn members who used Add Connections between September 17, 2011 and October 31, 2014. The settlement amount constitutes one of the largest per-class member settlements in a digital privacy class action.

Further details on the settlement, including information for settlement class members on how to submit a claim and important upcoming deadlines, can be found at AddConnectionsSettlement.com.

Google Message Scanning

Apps

Lieff Cabraser is investigating claims that Google routinely scans email messages that are sent by non-Gmail users to Gmail users, analyzes the content of those messages and then shares it with third parties in order to target ads to Gmail users. Consumers who are not Gmail users feel that since they have never consented to this kind of use of their private information by Google, this alleged usage by Google constitutes a manifest violation of their privacy.

Lawyers Dedicated to Preserving Privacy

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves.Our attorneys possess extensive experience and the requisite technological background to successfully assert and litigate all manner of privacy claims. We represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive employee data.

Contact us

If you have a non-Gmail account that you have used to send messages to Gmail users, your messages may well have been scanned and the information therein shared with third parties in order to create targeted advertising in a violation of your privacy rights. We welcome the opportunity to review your case and assist you in protecting your digital privacy.Please use the form below to contact an attorney at Lieff Cabraser or call us toll-free and ask to speak to Lieff Cabraser attorney Nick Diamand at 1 888 321-1510. There is no charge or obligation for our review of your complaint.

Excellus and Lifetime Healthcare Data Hack and Digital Privacy Complaints

Abstract program code

Lieff Cabraser represents New Yorkers and persons across America in lawsuits against health care providers for allegedly failing to safeguard and secure the medical records and other personally identifiable information of their members.

On September 9, 2015, Excellus BlueCross BlueShield revealed that one month earlier, its confidential patient medical records and those of its affiliates with the Lifetime Healthcare Companies were breached and hackers may have accessed the personal information of more than 10 million customers. The theft includes names, birth dates, social security numbers, billing information, and highly confidential health information.

We are investing complaints that Excellus BlueCross BlueShield and the Lifetime Healthcare Companies violated their duties to safeguard and protect consumers’ personal information, and their duties to disclose the breach to consumers in a timely manner.

Contact Lieff Cabraser

Excellus BlueCross and BlueShield members who wish to report their experiences or learn more about the data hack can contact Lieff Cabraser using the form below. We will review your claim for free and with no obligation on your part. The information you provide will be kept confidential.

AT&T NSA Surveillance

Online privacy protection and data breach

Year: 2008
Result: Congress passed law which granted immunity to AT&T

Hepting v. AT&T

Working closely with our co-counsel the Electronic Frontier Foundation, Lieff Cabraser played a leading role in the litigation against AT&T for assisting the National Security Agency to wiretap and data-mine Americans’ communications.

Plaintiffs alleged that AT&T collaborated with the NSA in a massive warrantless surveillance program that illegally tracked domestic and foreign communications — both by telephone and the internet — along with detailed records about millions of customer communications, in violation of the U.S. Constitution, the Electronic Communications Privacy Act, and other statutes.

The case was filed in January 2006. The U.S. government quickly intervened and sought dismissal. By the Spring of 2006, over 50 other lawsuits were filed against various telecommunications companies, in response to a USA Today article confirming that the NSA had been “secretly collection the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth.” The cases were combined into a multi-district litigation proceeding entitled In re National Security Agency Telecommunications Record Litigation, MDL No. 06-1791.

In June of 2006, the District Court rejected both the government’s attempt to dismiss the case on the grounds of the state secret privilege and AT&T’s arguments in favor of dismissal.

The government and AT&T appealed the decision and the U.S. Court of Appeals for the Ninth Circuit heard argument one year later. No decision was issued.

In July 2008, Congress granted the government and AT&T “retroactive immunity” for liability for their wiretapping program under amendments to the Foreign Intelligence Surveillance Act that were drafted in response to this litigation. Signed into law by President Bush in 2008, the amendments effectively terminated the litigation.

CGI Group Data Breach

Data security digital privacy

Issue: Failure to safeguard confidential records

Lieff Cabraser represents individuals in class action litigation against CGI Group, Inc. and CGI Federal, Inc. (collectively “CGI”) for allegedly facilitating a data breach affecting more than 1,000 U.S. citizens.

The U.S. government contracts with CGI to manage all U.S. passport application activities. Passport applicants must provide their name, date of birth, city of birth, state of birth, country of birth, social security number, sex, height, hair color, eye color, occupation, and evidence of U.S. citizenship, such as a previously issued U.S. passport, or U.S. birth certificate.

Between 2010 and May 2, 2015, CGI employees allegedly stole and sold personal information of passport applicants to cybercriminals. The mass identity theft allowed cybercriminals to use stolen information to buy cell phones and computers, and to obtain lines of credit. The complaint alleges that CGI failed to fulfill its legal duty to protect customers’ sensitive personal and financial information.

Contact us

Individuals who know or suspect that CGI employees appropriated their private personal data are invited to contact Lieff Cabraser by calling us toll-free at 1 800 541-7358 or by using the form below. We will review your claim for free and with no obligation on your part. The information you provide will be kept confidential.