Cybersecurity & Data Privacy

YouTube Child Privacy Violations and Lawsuits

Online privacy protection and data breach

Lieff Cabraser is investigating allegations of widespread child privacy violations by YouTube.

Lieff Cabraser represents parents and their children in a series of groundbreaking privacy lawsuits against major game and app developers and their advertising partners for improperly collecting and using children’s personal information to track and serve them targeted advertisements in popular and widely used children’s gaming apps.

Now, YouTube, the Federal Trade Commission, and the State of New York have announced a $170 million payment to settle allegations by the FTC and the New York Attorney General that YouTube engaged in similar misconduct, by profiting from the illegal collection of personal information from children without their parents’ consent to knowingly target their kids with behavioral ads.

The settlement requires Google and YouTube to pay $136 million to the FTC and $34 million to New York for allegedly violating the Children’s Online Privacy Protection Act (COPPA). The $136 million penalty is the largest amount the FTC has ever obtained under COPPA.

COPPA requires that child-directed websites and online services provide notice of their information practices and obtain parental consent prior to collecting personal information from children under 13, including the use of persistent identifiers to track a user’s Internet browsing habits for targeted advertising. In addition, third parties, including advertising networks, are also subject to COPPA if they have actual knowledge they are collecting personal information directly from users of child-directed websites and online services.

YouTube’s Violations Were Widespread and Rampant

YouTube has always had countless child-directed channels, and markets itself as a top destination for kids in presentations to the makers of popular children’s products and brands. Google and YouTube told potential toy marketers that “YouTube is today’s leader in reaching children age 6-11 against top TV channels” and that YouTube is the “#1 website regularly visited by kids.”

“YouTube touted its popularity with children to prospective corporate clients,” said FTC Chairman Joe Simons. “Yet when it came to complying with COPPA, the company refused to acknowledge that portions of its platform were clearly directed to kids. There’s no excuse for YouTube’s violations of the law.”

Federal Settlement Wildly Insufficient to Protect Our Kids

While the proposed FTC settlement may seem large, it is tiny compared to the billions of dollars YouTube and its owner Google reap every year, including many hundreds of millions of dollars per year targeting children alone. What’s more, the settlement’s injunctive relief does not adequately stop YouTube’s bad practices, leaving ample opportunity for the company to continue illegally harvesting and selling children’s personal information to advertisers.

Contact a National Privacy Rights Lawyer at Lieff Cabraser

If you are a parent concerned about YouTube’s illegal collection and monetization of your child’s private personal information in violation of U.S. law, we urge you to contact us today about your child’s rights and your potential case against YouTube.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Please provide any details or concerns about your child's YouTube use:

Please sign me up for your Consumer Law newsletter. Yes

BioReference Labs Data Breach

Medical records data breach

Collections agency working for healthcare provider BioReference Labs suffers major data breach from August 2018 through March 2019 exposing the personal and financial data of customers

Lieff Cabraser is investigating complaints about a data breach suffered by healthcare company BioReference Labs over the exposure of patient personal financial records. It has been reported that patient records from BioReference were impacted by the data breach from its collections agent American Medical Collection Agency. The breached data reportedly includes credit card numbers, bank account information, and Social Security numbers.

Please note that the exposed data only relates to BioReference customers whose billing was submitted for follow-up collections by American Medical Collection Agency. Though the breach began as far as back as August of 2018 and continued until the end of March 2019, information provided to BioReference Labs at an earlier date could still be impacted.

Contact a Personal Data Security Lawyer at Lieff Cabraser

If you are concerned that your information may have been compromised in the BioReference Labs data security failure, or if you have experienced identity theft or other action you think may be related to collections follow-up relating to healthcare services provided by BioReference, we urge you to complete the contact form below today to submit your complaint. Named Law360’s 2017 “Digital Privacy and Data Protection Practice Group of the Year,” our team of nationally-renowned consumer protection lawyers will review your case for free and with no obligation on your part.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

OPKO Health Data Breach

Medical records data breach

Collections agency working for healthcare provider OPKO Health suffers major data breach from August 2018 through March 2019 exposing the personal and financial data of customers

Lieff Cabraser is investigating complaints about a data breach suffered by healthcare company OPKO Health over the exposure of patient personal financial records. It has been reported that patient records from OPKO were impacted by the data breach from its collections agent American Medical Collection Agency. The breached data reportedly includes credit card numbers, bank account information, and Social Security numbers.

Please note that the exposed data only relates to OPKO customers whose billing was submitted for follow-up collections by American Medical Collection Agency. Though the breach began as far as back as August of 2018 and continued until the end of March 2019, information provided to OPKO at an earlier date could still be impacted.

Contact a Personal Data Security Lawyer at Lieff Cabraser

If you are concerned that your information may have been compromised in the OPKO Health data security failure, or if you have experienced identity theft or other action you think may be related to collections follow-up relating to healthcare services provided by OPKO, we urge you to complete the contact form below today to submit your complaint. Named Law360’s 2017 “Digital Privacy and Data Protection Practice Group of the Year,” our team of nationally-renowned consumer protection lawyers will review your case for free and with no obligation on your part.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

Sunrise Laboratories Data Breach

Medical records data breach

Collections agency working for healthcare provider Sunrise Laboratories suffers major data breach from August 2018 through March 2019 exposing the personal and financial data of customers

Lieff Cabraser is investigating complaints about a data breach suffered by healthcare company Sunrise Labs over the exposure of patient personal financial records. It has been reported that patient records from Sunrise were impacted by the data breach from its collections agent American Medical Collection Agency. The breached data reportedly includes credit card numbers, bank account information, and Social Security numbers.

Please note that the exposed data only relates to Sunrise customers whose billing was submitted for follow-up collections by American Medical Collection Agency. Though the breach began as far as back as August of 2018 and continued until the end of March 2019, information provided to Sunrise at an earlier date could still be impacted.

Contact a Personal Data Security Lawyer at Lieff Cabraser

If you are concerned that your information may have been compromised in the Sunrise Laboratories data security failure, or if you have experienced identity theft or other action you think may be related to collections follow-up relating to healthcare services provided by Sunrise, we urge you to complete the contact form below today to submit your complaint. Named Law360’s 2017 “Digital Privacy and Data Protection Practice Group of the Year,” our team of nationally-renowned consumer protection lawyers will review your case for free and with no obligation on your part


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

Carecentrix Data Breach

Medical records data breach

Collections agency working for healthcare provider Carecentrix suffers major data breach from August 2018 through March 2019 exposing the personal and financial data of customers

Lieff Cabraser is investigating complaints about a data breach suffered by healthcare company Carecentrix over the exposure of patient personal financial records. It has been reported that patient records from Carecentrix were impacted by the data breach from its collections agent American Medical Collection Agency. The breached data reportedly includes credit card numbers, bank account information, and Social Security numbers.

Please note that the exposed data only relates to Carecentrix customers whose billing was submitted for follow-up collections by American Medical Collection Agency. Though the breach began as far as back as August of 2018 and continued until the end of March 2019, information provided to Carecentrix at an earlier date could still be impacted.

Contact a Personal Data Security Lawyer at Lieff Cabraser

If you are concerned that your information may have been compromised in the Carecentrix data security failure, or if you have experienced identity theft or other action you think may be related to collections follow-up relating to healthcare services provided by Carecentrix, we urge you to complete the contact form below today to submit your complaint. Named Law360’s 2017 “Digital Privacy and Data Protection Practice Group of the Year,” our team of nationally-renowned consumer protection lawyers will review your case for free and with no obligation on your part.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

LabCorp Data Breach

Medical records data breach

Blood testing provider LabCorp suffers major data breach from August 2018 through March 2019 exposing the personal and financial data of nearly 8 million patients

Lieff Cabraser is investigating complaints about a data breach suffered by blood test company LabCorp over the exposure of millions of patient personal financial records. One of the largest blood test providers in the United States, LabCorp has admitted that the personal and financial information of nearly 8 million people was exposed in a massive data breach. The breached data includes credit card numbers, bank account information, and Social Security numbers.

Though the breach began as far as back as August of 2018 and continued until the end of March 2019, LabCorp says it still does not have sufficiently detailed or complete information on the breach to make a full report to regulators.

Contact a Personal Data Security Lawyer at Lieff Cabraser

If you are concerned that your information may have been compromised in the LabCorp data security failure, or if you have experienced identity theft or other action you think may be related to the LabCorp breach, we urge you to complete the contact form below today to submit your complaint. Named Law360’s 2017 “Digital Privacy and Data Protection Practice Group of the Year,” our team of nationally-renowned consumer protection lawyers will review your case for free and with no obligation on your part.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

Quest Diagnostics Data Breach

Medical records data breach

Blood testing provider Quest Diagnostics suffers major data breach from August 2018 through March 2019 exposing the personal, financial, and medical data of 12 million patients

Lieff Cabraser represents plaintiffs in a data breach lawsuit filed against Quest Diagnostics over the exposure of millions of patient medical and financial records. One of the biggest blood test providers in the United States, Quest Diagnostics admitted to federal regulators that the personal financial and medical information of nearly 12 million people was exposed in a massive data breach. The breached data includes credit card numbers, bank account information, medical information, and Social Security numbers.

Though the breach began as far as back as August of 2018 and continued until the end of March 2019, Quest says it still does not have sufficiently detailed or complete information on the breach to make a full report to regulators.

Contact a Personal Data Security Lawyer at Lieff Cabraser

If you are concerned that your information may have been compromised in the Quest Diagnostics data security failure, or if you have experienced identity theft or other action you think may be related to the Quest Diagnostics breach, we urge you to complete the contact form below today to submit your complaint. Named Law360’s 2017 “Digital Privacy and Data Protection Practice Group of the Year,” our team of nationally-renowned consumer protection lawyers will review your case for free and with no obligation on your part.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

First American Financial Corp. Document Leak

Online privacy protection and data breach

Lieff Cabraser is investigating reports of a data leak that exposed hundreds of millions of documents related to mortgage deals involving First American, a massive data leak that First American has acknowledged took place.

The leaked data is said to include bank account numbers and statement, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers licenses of persons who did mortgage deals involving First American dating as far back as 2003. The leaked information was available on First American’s website, without any need for authentication, to anyone on the Internet with access to the URLs. It is not currently known if persons accessed the information on a large scale. First American allegedly had the information available on its website dating back to March 2017 before taking the information down from its website on May 24, 2019.

Contact a Personal Data Security Lawyer at Lieff Cabraser

If you are concerned that your information may have been compromised in the First American Document Leak, or you have experienced identity theft or other action you think may be related to First American’s document leak, we urge you to complete the contact form below today to submit your complaint. Named Law360’s 2017 “Digital Privacy and Data Protection Practice Group of the Year,” our team of nationally-renowned consumer protection lawyers will review your case for free and with no obligation on your part.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Did you provide First American with information as part of a mortgage deal from 2003 to the present?

If you know or suspect that the information you provided to First American was used to commit an identity crime, please describe your experience:

Please sign me up for your Consumer Law newsletter. Yes

YouTube Child Privacy Violations Investigation

Apps

Lieff Cabraser is investigating YouTube – the most popular online children’s programming platform – for violating children’s privacy. YouTube’s owner, Google, has for many years been collecting and using children’s personal data on YouTube without giving notice or obtaining advanced, verifiable parental consent. These privacy right violations impact tens of millions of U.S. children in the United States, and are the subject matter of an investigation by the Federal Trade Commission.

Google and YouTube’s practices with regard to children’s personal data violate the Children’s Online Privacy Protection Act (COPPA), as well as state privacy laws. Lieff Cabraser has filed similar child protection lawsuits against numerous other high-tech and online media companies seeking to to assist in protecting parents and their children from the unwanted collection and exploitation of children’s personal data and these companies’ illegal data collection and use practices.

Contact a Lieff Cabraser Child Privacy Lawyer

If your child uses YouTube’s website or mobile app, your child’s data may well have been improperly acquired or used without your permission. Please call us today at 1 800 541-7358 or use the form below. We welcome the opportunity to speak with you about your case.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Please provide any details or concerns about your child's YouTube use:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes

Google Nest Secure Secret Microphone Privacy Violations

Online privacy protection and data breach

In February 2019, it was revealed that Google’s home security system installed inside thousands of private homes, Nest Secure, contained hidden microphones. The revelation that homes were bugged by Nest Secure came from Google itself, as it sought to impress customers with a recent update that boosted its Nest Secure so that it could act as an AI-powered Google Assistant: “With the flip of a switch in the Nest app, you can set the Secure as an always-listening Assistant speaker,” the company said in a blog post touting the update.

Until that blog post, Google had never told Nest Secure customers that their homes were bugged, or that the devices in their homes contained microphones at all. Google’s excuse that it had made a simple “error” in failing to inform customers about the hidden microphone left customers furious, and with serious concerns about their compromised privacy.

Contact a Privacy Rights Lawyer at Lieff Cabraser

If you are a Google Nest Secure customer concerned about the privacy threats attendant to Google’s failure to tell users about the secret microphones hidden in Nest Secure devices, we urge you to use the form below to contact us today about your potential case.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

If not in U.S. list country

Postal Code

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes


Lieff Cabraser is Dedicated to Protecting and Preserving Privacy

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures, even as technology evolves and society changes. Our attorneys possess extensive experience and the technological background to successfully assert and litigate a comprehensive range of privacy claims. We represent individuals in precedent-setting cases impacting tens and even hundreds of millions of consumers against prominent technology, social media, and entertainment companies for violations of digital privacy rights and the failure to protect critically-sensitive private data.

Weather Channel User Tracking Complaints

finger pushing Weather app icon

Lieff Cabraser is investigating complaints that TWC Product & Technologies, through their popular Weather Channel smartphone app, deceptively uses the app’s access to private user geolocation data to improperly track minute details of consumers’ locations, and sells that data to third parties for unrelated — and undisclosed — commercial purposes.

The Weather Channel app is one of the most popular weather apps, with more than 100 million users. In seeking users’ permission to access their location data, TWC claims that this sensitive, detailed personal location information will be used to provide local weather forecasts and alerts. In actuality, TWC allegedly sells and monetizes that vast array of private user location information to generate massive profits unrelated to its weather services, including for use by hedge funds. TWC has gone so far as to characterize itself as “a location data company powered by weather.”

Contact a Data Privacy Lawyer at Lieff Cabraser

If you suspect your personal and private location data may have been improperly used and monetized by the Weather Channel app and TWC, we urge you to contact a data privacy lawyer at Lieff Cabraser’s award-winning cybersecurity practice group to learn more about your rights and further action that might be taken to hold TWC accountable.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments or questions:

Please sign me up for your Consumer Law newsletter. Yes

Marriott Hotel Guests Massive Data Breach and Theft

Marriott Hotel Arrival

In April 2019, Lieff Cabraser was named to the Plaintiffs’ Steering Committee in the multidistrict privacy and data theft litigation arising from hotel giant Marriott’s 2018 data breach, In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 2879 (JPML).

Background on the Case

On November 30th, 2018, the Marriott Hotel chain reported that data relating to up to 500 million guests had been accessed and copied via its Starwood reservations system. The compromised and stolen data includes names, addresses, credit card numbers, travel histories, and even passport information for some guests. The data attack started as early as 2014, and may well be the largest personal record theft of all-time of such detailed private data.

The data theft was discovered in early September 2018 but only just reported publicly. It affects Marriott properties including Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Le Méridien, Tribute, Design Hotels, Elements and the Luxury Collection.

Contact a Cybersecurity and Data Privacy Lawyer at Lieff Cabraser

If you suspect your data was stolen in the massive Marriot and Starwood hotels security breach, we urge you to contact a data privacy lawyer at Lieff Cabraser about your potential case using the form below. The information you provide will help us hold Marriott and its chain hotels accountable for any lapses in security and improper delays in reporting the breach.

Lieff Cabraser is Dedicated to Protecting and Preserving Privacy

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes. Our attorneys possess extensive experience and the requisite technological background to successfully assert and litigate a comprehensive range of privacy claims. We represent individuals in precedent-setting cases impacting tens and even hundreds of millions of Americans against prominent technology, social media, and entertainment companies for violations of digital privacy rights and the failure to protect critically-sensitive personal and employee data.

Learn more about our major successes in digital privacy and data breach cases, including the recent $115 million data breach settlement on behalf of Anthem patients, the $68 million settlement for LifeLock subscribers, and the $13 million settlement for LinkedIn users.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

If you know or suspect that your Marriott Starwood stay data was stolen, please describe your experience:

Please sign me up for your Consumer Law newsletter. Yes

Google Tracking Complaints Lawsuit

Data and Location Tracking Complaints

In August 2018, Lieff Cabraser filed a federal class action lawsuit against Google based on user complaints that Google persists in tracking Android and iPhone users’ movements and activities even after users attempt to engage privacy settings in their Google accounts that are supposed to explicitly prevent Google from such tracking. The lawsuit seeks damages as well as a court order demanding that Google destroy all data captured from its geolocation tracking technology of the plaintiff and class members.

Privacy researchers have recently confirmed that the internet search and advertising giant uses your location history even if “Location History” is turned off on your mobile devices. The reports indicate that Google tells users they can “turn off Location History at any time,” such that “the places you go are no longer stored.” But researchers at Princeton University determined that’s just not true: even with location history disabled, some Google apps nevertheless automatically store time-stamped location data without alerting users that they are doing so.

Reports indicate that Google’s privacy-violative behavior affects some two billion users of devices running Google’s Android system as well as hundreds of millions of iPhone users who rely on Google search and map applications. Critics of Google’s practices say Google’s insistent and apparently inescapable tracking serves to boost its enormous advertising revenues, while users point out inconsistencies and even outright deceptions in Google’s communications about its location-tracking and storing practices.

Contact a National Privacy Lawyer at Lieff Cabraser

If you suspect your privacy has been improperly compromised by Google’s tracking and data storage activities, we invite you to write or call us at 1 800 541-7358 to discuss your rights and possible recovery. The information you provide will help us hold Google accountable for any violations of the privacy, tracking, and data retention laws. Unfortunately, we cannot help you with a lost or stolen phone.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

If not in U.S. list country

Postal Code

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

23andMe Customer Genetic Data Sharing and Sale Complaints

23andMe customer complaints

Lieff Cabraser is investigating widespread customer complaints that 23andMe is selling intensely personal customer genetic data. Customers have expressed concerns about whether their intimate genetic data is being shared with insurance companies and medical providers.

Contact a National Data Security and Privacy Lawyer at Lieff Cabraser

If you are a 23andMe customer and have concerns about the for-profit sale of your intimate genetic code data by 23andMe, our nationally-ranked Cybersecurity and Data Privacy lawyers would welcome the chance to talk to you about 23andMe’s conduct and your legal rights. The information you provide will help us hold 23andMe accountable for any and all breaches of contract and privacy laws, and there is no charge or obligation for our review of your potential case.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Please describe your experience with or concerns about 23andMe and the sharing or sale of private customer genetic data.

Please sign me up for your Consumer Law newsletter. Yes

Facebook/Cambridge Analytica Data Exposure

Online privacy protection and data breach

Lieff Cabraser is investigating reports that a political data firm was able to harvest detailed private information from more than 50 million Facebook users’ profiles without the users’ knowledge or consent. Facebook has apparently been aware of this breach for years, but failed to inform its users of it. Lawmakers in the U.S. and the United Kingdom have demanded that Facebook lift its veil of secrecy and explain to their respective governments and to the public how such a massive exposure of private user data could have occurred.

Lieff Cabraser is investigating whether Facebook failed to employ reasonable security measures to prevent the taking of its users’ private information, and how that information was used by political data firm, Cambridge Analytica. If you know or suspect that your private Facebook data was exposed to Cambridge Analytica, we urge you to contact data privacy lawyers Michael Sobol and David Rudolph at Lieff Cabraser today via the form below to discuss your rights and potential remedies for the violation of your privacy.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone

How did you find our site?

Are you currently represented by an attorney?

Comments/questions:

Please sign me up for your Consumer Law newsletter. Yes

Uber Customer and Driver Data Hack Investigation

Data security digital privacy

Lieff Cabraser is investigating widespread reports of a data breach that exposed the personal data of 57 million Uber customers and drivers, a massive data breach that Uber reportedly concealed for over a year.

The stolen data is said to include names, email addresses and telephone numbers of 50 million Uber customers, personal information of 7 million Uber drivers, as well as 600,000 driver’s license numbers. It is not currently known if additional personal information was also accessed. Irresponsibly, instead of promptly reporting the data breach when it learned of it in October 2016, Uber paid a reported $100,000 ransom to hackers to conceal the breach and failed to report it, notify its customers, or inform the general public until November 21, 2017.

Contact a Personal Data Security Lawyer at Lieff Cabraser

If you are concerned that your information may have been compromised in the Uber data breach, or you have experienced identity theft or other action you think may be related to Uber’s data breach, we urge you to complete the contact form below today to submit your complaint.

Named Law360’s 2017 “Digital Privacy and Data Protection Practice Group of the Year,” our team of nationally-renowned consumer protection lawyers will review your case for free and with no obligation on your part.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Were you a driver or a customer?

If you know or suspect that your stolen Uber data was used to commit an identity crime, please describe your experience:

Please sign me up for your Consumer Law newsletter. Yes

Child Privacy Lawsuits

Apps

Class Actions Filed Against Walt Disney, Viacom, Kiloo, Sybo and Others, For Violations of the Privacy Rights of Children and their Parents

In July and August 2017, Lieff Cabraser filed class action lawsuits against several developers of children’s gaming apps and their software developer partners. These lawsuits allege that defendants unlawfully collected, used, and disseminated the personal information of children who played the gaming apps on smart phones, tablets, and other mobile devices. In June 2018, Lieff Cabraser filed amended complaints, which further detailed defendants’ unlawful behavior. These allegations cover some of the most popular child gaming apps: Nickelodeon’s Llama Spit Spit, Disney’s Princess Palace Pets, and Where’s My Water, and Kiloo’s Subway Surfers.

The lawsuits allege that children’s personal data is pulled from their devices using advertising tracking software. The app developers – including Kiloo, Disney, and Viacom, the parent company of Nickelodeon—license advertising software from software developers which they then embed in gaming apps marketed to children. When children download and play one of these games, the advertising tracking software gathers and sends children’s personal data to advertisers operating within vast advertising networks. The advertising networks may then improperly use that data to build detailed data profiles of the children playing the games in order to target them with advertising based upon their demographics and gaming and other online behavior. Gaming app developers and their advertising partners share in the revenue generated from this tracking behavior.

Below are descriptions of the defendants and their gaming apps included in these lawsuits.

If you suspect your child’s data might have been improperly acquired or used by a mobile game or app without your permission, please call us today at 1 800 541-7358 or use the form below. We welcome the opportunity to speak with you about the case.

The Improper Acquisition and Use of Children’s Data

In the online world, children are particularly vulnerable to companies that seek to profit from the collection and exchange of their private data. Parents and their children have a reasonable expectation of privacy in children’s online activity, which is why long-standing legal privacy protections exist to shield parents and their children from these intrusions, allow parents to maintain the privacy of their children, and provide the opportunity to raise their children as they see fit. By collecting personal information from unsuspecting children, without notice to or consent from their parents, Defendants have breached basic norms about how companies must conduct their business with children. These norms have existed in the bedrock of our society for centuries, and have been re-expressed time and again with the development of new technologies, such as motion pictures, radio, broadcast television, and cable television. For example, Congress recognized the offensiveness of the collection and commercial exploitation of children’s online data and behavior when it enacted the Children’s Online Privacy Protection Act.

Lieff Cabraser’s lawsuits seek to assist in protecting parents and their children from the unwanted collection and exploitation of children’s personal data, under time-honored laws protecting privacy: a California common law invasion of privacy claim, a California Constitution right of privacy claim, a California unfair competition claim, a New York General Business Law claim, a Massachusetts Unfair and Deceptive Trade Practices claim, and a Massachusetts statutory right to privacy claim.

The Gaming Apps

A. The Disney Lawsuit

Plaintiffs—parents on behalf of their children—allege that certain of Disney’s child gaming apps collect, use, and disseminate the personal information of the children playing those games.

The apps included in the complaint are Princess Palace Pets and the Where’s My Water apps (Where’s My Water?, Where’s My Water? 2, Where’s and My Water? Free/Lite).

The defendants in the lawsuit are Disney, the developer of these gaming apps, and the advertising software developers that had their software embedded within the gaming apps, including Upsight, Inc., Unity Technologies SF, Kochava, Inc., MoPub Inc. (owned by Twitter Inc.), and comScore, Inc. and Full Circle Studies Inc. The information collected, analyzed, and used allow Disney and its partners to track children’s activities for their own commercial gain.

B. The Viacom Lawsuit

Viacom, through its brand group Nickelodeon, develops and markets dozens of popular mobile apps for kids. Lieff Cabraser’s lawsuit alleges that in the app Llama Spit Spit, children’s personal information is collected from their personal devices without their or their parents’ knowledge or approval. This information is stored, analyzed, and used to allow Viacom and its partners to track children’s activities for their own commercial gain.

Also named as defendants in this lawsuit are advertising software developers that work with Viacom in these apps, including Upsight, Inc. and Unity Technologies SF.

C. The Subway Surfers Lawsuit

Defendants Kiloo A/S and Sybo ApS developed and market the hugely popular mobile app game Subway Surfers, a game marketed to and popular among children. Subway Surfers has more than a billion downloads worldwide. In its lawsuit against Kiloo and Sybo, Lieff Cabraser (on behalf of parents of child users of Subway Surfers) alleges that the Subway Surfers’ developers unlawfully collect and use children’s personal information from Subway Surfers in violation of privacy laws.

Also named as defendants in the lawsuit are advertising software developers that work with Kiloo and/or Sybo in these apps, including: AdColony, Chartboost, Flurry, Inc. and Oath Inc., InMobi Pte. Ltd, ironSource USA, Inc., Tapjoy, Inc., and Vungle, Inc.

Lieff Cabraser’s Work in Digital Privacy & Child Data Security

Lieff Cabraser is committed to helping parents protect their children, their privacy, and their children’s information in a world where electronic toys, mobile games, and digital devices with inherent security vulnerabilities are growing more and more pervasive. From voice-controlled home devices that can leak sensitive information to video-recording toys and interactive digital games whose data can be leaked or accessed improperly, our private data — and, in particular, children’s private information — faces a growing risk of exposure and improper sharing. An important part of our work protecting children and their data consists of ensuring that companies obey child data protection laws and take all the required steps to ensure that kids’ data remains secure and private.

Lieff Cabraser is similarly committed to ensuring that the fundamental right to privacy is respected and endures, even as technology evolves and society changes. Our cybersecurity attorneys possess extensive experience and the requisite technological background to successfully assert and litigate a comprehensive range of privacy claims.

We represent individuals and classes in precedent-setting cases impacting tens and even hundreds of millions of Americans against prominent technology, social media, and entertainment companies for violations of digital privacy rights and the failure to protect critically-sensitive personal, employee, and child data.

Lieff Cabraser partner Michael W. Sobol, chair of the firm’s Cybersecurity practice group, was named a Top California Cybersecurity Lawyer for 2018. In 2017, Sobol was selected by Law360 as an “MVP” for Cybersecurity and Privacy, and by the National Law Journal as a “Cybersecurity and Data Privacy Trailblazer.” Law360 named Lieff Cabraser’s Cybersecurity group as its 2017 “Practice Group of the Year” for Digital Privacy and Data Protection, and selected our firm as one of six “California Powerhouse” firms for litigation, the only plaintiffs’ firm so honored.

Contact a Privacy Lawyer at Lieff Cabraser


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please provide any details or concerns about your child's game and app use:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes

Hello Kitty SanrioTown

Data security digital privacy

Hackers have obtained information on more than 3 million people who use Hello Kitty websites including SanrioTown.com, hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com. The hackers obtained names, birth dates, genders, and email addresses. Even worse, the disclosure includes lightly-protected passwords, as well as the forgotten password questions and answers.

Why Many Allege that Sanrio is Liable

The Hello Kitty websites are operated by Tokyo-based Sanrio Company. Organizations such as Sanrio that hold personally identifiable information — particularly when it relates to children — owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused.

Lieff Cabraser represents parents in nationwide class action lawsuits against device, app, and software creators for compromised and stolen personal data, including children’s private personal data, in the wake of serious failures to properly secure the data. If you fear your child’s private data was stolen or misused as a result of the Hello Kitty data breach, we would welcome a chance to talk to you about your legal rights. There is no charge or obligation for our review of your case.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please provide any details of your child's use of SanrioTown and Hello Kitty online digital products:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes

VTech Child Data Breach

Online privacy protection and data breach

Lieff Cabraser represents parents in a nationwide class action lawsuit against VTech arising after their children’s private personal information was obtained by hackers in the wake of VTech’s alleged failure to take reasonable precautions to secure the children’s data. The stolen information includes the children’s names, birthdates, images, email addresses, and home addresses. VTech acknowledges that data relating to more than 2.8 million children was stolen in the attack.

Background to the VTech Child Data Breach Case

VTech is a leading manufacturer and distributor of digital learning toys. Their products allow children to browse the Internet and communicate with each other. Parents can also download educational content for their children, including learning games and e-books.The information VTech requires from its users links parents to their children — this means, among other things, that VTech has a child’s physical address linked to his or her picture and name. Plaintiffs allege that, given the highly sensitive nature of the information VTech requires from its customers, keeping this information secure and private is essential to ensure each child’s safety.

Plaintiffs also allege that reasonable parents would never knowingly purchase a product or service that would compromise their child’s safety by exposing the child’s picture, name, date of birth, and address to the world. Indeed, VTech at all times represented that it kept its data secure. Despite these representations, VTech failed to take reasonable security precautions. Its product was vulnerable to what is known as a Structured Query Language (“SQL”) “injection attack,” which security experts explain exploits “the very first type of flaw that should be eliminated from any Web application.”

On November 14, 2015, hackers obtained personal information from more than 2.8 million children in the United States, as well as their parents. VTech confirmed and admitted that an “unauthorized party accessed VTech customer data.” In a statement released a few days later, VTech stated that the database contained profile information including names, email addresses, download history, passwords and mailing addresses. The database also included information on young children, including their names, genders and birthdates.

Relief Sought in the VTech Data Breach Case

Lieff Cabraser represents the parents of two children on behalf of themselves and others similarly situated seeking injunctive relief to compel VTech to implement adequate security, damages to compensate purchasers for the significant personal security costs they must now incur, damages because consumers purchased products that were in reality worth much less than their advertised value, and equitable relief including disgorgement of wrongful profits.

The parents and those like them now face costs, including out-of-pocket expenses, associated with the prevention, detection, and recovery from identity theft. There are also lost opportunity costs associated with effort expended and the loss of productivity from addressing and attempting to mitigate the actual and future consequences of the breach, including but not limited to efforts spent researching how to prevent, detect, contest and recover from identity data misuse.

Finally, these children and their parents face continued risk to their personal identity information, which remains in VTech’s possession and is subject to further breaches so long as VTech fails to undertake appropriate measures to protect the personal data in their possession.

Contact a Digital Privacy and Data Security Lawyer at Lieff Cabraser

If you have purchased a VTech digital learning toy for your children please use the form below to contact a data security attorney at Lieff Cabraser about the safety of your information and your rights. Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes, and we represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive personal data.

We will review your case without charge or obligation. Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.

Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

What VTech digital learning product did you purchase?

Please describe your concerns about Turn's tracking and privacy and your Verizon smartphone or tablet:

Please sign me up for your Consumer Law newsletter. Yes

Experian Data Breach

Abstract program code

Experian T-Mobile Data Breach Investigation

In the wake of news that at least one hacker has acquired the Experian personal and financial records of 15 million T-Mobile customers and other credit applicants, Lieff Cabraser is investigating consumer complaints that Experian may have failed to adequately safeguard and secure the financial and personal records of its consumers.

Consumer concern is elevated both because of the potential depth of financial information affected, and the length of the breach itself — which is reported to have gone on for two years.

In addition to personal information for approximately 15 million customers and T-Mobile service applicants, the data is also reported to have included information on applicants requiring a credit check for service or device financing from Sept. 1, 2013 through Sept. 16, 2015, Experian North America said in a statement.

In a letter to consumers, T-Mobile CEO John Legere said, “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian.”

While Experian claims to have taken immediate action upon finding the breach, it noted that the stolen data included names, dates of birth, addresses, and Social Security numbers.

Why Experian May Be Liable for the Data Breach

Organizations that hold personally identifiable information, and in particular confidential personal financial information, owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused. It is unknown at this time how the breach could have continued for so long without Experian knowing about it or taking action to protect its customers.

Contact National Personal Data Security Attorneys

If you are a T-Mobile user or applicant and have experienced identity theft or other action you think may be related to Experian’s data breach, we urge you to complete the contact form below to submit your complaint concerning Experian’s alleged failure to properly safeguard your confidential information. There is no charge or obligation for our review of your case.

We agree to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law. Please describe your complaint.Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

If you know or suspect that your stolen confidential personal/financial Experian data was used to commit an identity crime, please describe your experience::

Please sign me up for your Consumer Law newsletter. Yes