Cybersecurity & Data Privacy

Google Message Scanning

Apps

Year:  2018
Result:  $2.2 million settlement

In Matera v. Google Inc., No. 5:15-cv-04062 (N.D. Cal.), Lieff Cabraser represented consumers in a digital privacy class action against Google Inc. over claims the popular Gmail service scanned outgoing user email messages to build marketing profiles and serve targeted ads.

The complaint alleged that Google routinely scanned email messages that were sent to non-Gmail users by Gmail subscribers, analyzed the content of those messages, and then shared that data with third parties in order to target ads to Gmail users, an invasion of privacy that violated the California Invasion of Privacy Act and the federal Electronic Communications Privacy Act.

In February 2018, the Court granted final approval to a $2.2 million settlement of the action. Under the settlement, Google made business-related changes to its Gmail service, as part of which, Google will no longer scan the contents of emails sent to Gmail accounts for advertising purposes, whether during the transmission process or after the emails have been delivered to the Gmail user’s inbox. The proposed changes, which will not apply to scanning performed to prevent the spread of spam or malware, will run for at least three years.

Lawyers Dedicated to Preserving Privacy

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves. Our attorneys possess extensive experience and the requisite technological background to successfully assert and litigate all manner of privacy claims. We represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive employee data.

AT&T NSA Surveillance

Online privacy protection and data breach

Year: 2008
Result: Congress passed law which granted immunity to AT&T

Hepting v. AT&T

Working closely with our co-counsel the Electronic Frontier Foundation, Lieff Cabraser played a leading role in the litigation against AT&T for assisting the National Security Agency to wiretap and data-mine Americans’ communications.

Plaintiffs alleged that AT&T collaborated with the NSA in a massive warrantless surveillance program that illegally tracked domestic and foreign communications — both by telephone and the internet — along with detailed records about millions of customer communications, in violation of the U.S. Constitution, the Electronic Communications Privacy Act, and other statutes.

The case was filed in January 2006. The U.S. government quickly intervened and sought dismissal. By the Spring of 2006, over 50 other lawsuits were filed against various telecommunications companies, in response to a USA Today article confirming that the NSA had been “secretly collection the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth.” The cases were combined into a multi-district litigation proceeding entitled In re National Security Agency Telecommunications Record Litigation, MDL No. 06-1791.

In June of 2006, the District Court rejected both the government’s attempt to dismiss the case on the grounds of the state secret privilege and AT&T’s arguments in favor of dismissal.

The government and AT&T appealed the decision and the U.S. Court of Appeals for the Ninth Circuit heard argument one year later. No decision was issued.

In July 2008, Congress granted the government and AT&T “retroactive immunity” for liability for their wiretapping program under amendments to the Foreign Intelligence Surveillance Act that were drafted in response to this litigation. Signed into law by President Bush in 2008, the amendments effectively terminated the litigation.

CGI Group Data Breach

Data security digital privacy

Issue: Failure to safeguard confidential records

Lieff Cabraser represents individuals in class action litigation against CGI Group, Inc. and CGI Federal, Inc. (collectively “CGI”) for allegedly facilitating a data breach affecting more than 1,000 U.S. citizens.

The U.S. government contracts with CGI to manage all U.S. passport application activities. Passport applicants must provide their name, date of birth, city of birth, state of birth, country of birth, social security number, sex, height, hair color, eye color, occupation, and evidence of U.S. citizenship, such as a previously issued U.S. passport, or U.S. birth certificate.

Between 2010 and May 2, 2015, CGI employees allegedly stole and sold personal information of passport applicants to cybercriminals. The mass identity theft allowed cybercriminals to use stolen information to buy cell phones and computers, and to obtain lines of credit. The complaint alleges that CGI failed to fulfill its legal duty to protect customers’ sensitive personal and financial information.

Contact us

Individuals who know or suspect that CGI employees appropriated their private personal data are invited to contact Lieff Cabraser by calling us toll-free at 1 800 541-7358 or by using the form below. We will review your claim for free and with no obligation on your part. The information you provide will be kept confidential.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

How did you find our site?

Are you currently represented by an attorney?

Please describe your experience:

Please sign me up for your Consumer Law newsletter. Yes

Anthem Data Breach

Data security digital privacy

Issue: Failure to safeguard confidential patient records

Lieff Cabraser partner Michael W. Sobol serves on the Plaintiffs’ Steering Committee in litigation against health insurance giant Anthem, Inc., for Anthem’s failure to implement and abide by standard security protocols, which resulted in a massive 2015 data breach involving identifiable personal information and health information belonging to over 80 million of Anthem’s members.

Because insurers like Anthem collect and store highly sensitive information as part of their business practices, they must ensure that such information is properly safeguarded and shielded from cybercriminals.

Anthem Privacy Breach

Anthem’s customer database was allegedly attacked by international hackers on December 10, 2014. Anthem says it discovered the breach on January 27, 2015, and reported it about a week later on February 4, 2015.

The scale of the breach was massive. The personal information of nearly 80 million may have been compromised. The theft includes names, birth dates, social security numbers, billing information, and highly confidential health information.

The litigation alleged that organizations that hold personally identifiable information, and in particular confidential personal health information, owe a duty to safeguard this information and protect such information from being compromised, stolen, or misused, and that Anthem was on notice about the weaknesses in its computer security for at least a year before the breach occurred.

Court Grants Final Approval to Settlement

On August 16, 2018, the United States District Court for the Northern District of California granted final approval to a class action settlement in the Anthem Data Breach Litigation, which required Anthem to undertake significant additional cybersecurity measures to better safeguard information going forward, and to pay $115 million into a settlement fund from which benefits to settlement class members will be paid. The benefits to class members under the settlement include a minimum of two years of free credit monitoring, or a cash payment of $50 in lieu of credit monitoring for class members who already have such protection, and compensation up to $10,000 per class member for documented out-of-pocket losses attributable to the data breach.

Following the dismissal of appeals to the District Court’s order approving the settlement, the settlement became effective on October 25, 2018. Claims are now being processed. The deadline to submit a claim for credit monitoring services or the cash payment was July 19, 2018. Those benefits will be distributed, by December 1, 2018, to class members who submitted timely and valid claim forms.

The deadline to claim compensation for out-of-pocket costs will be August 16, 2019. More information about the settlement, and instructions for filing a claim, are available on the settlement website, at www.databreach-settlement.com.

Turn Web Tracking

Data security digital privacy

Issue: Privacy violations

Lieff Cabraser represents plaintiffs in class action litigation alleging that internet marketing company Turn, Inc. violates users’ digital privacy by installing software tracking beacons on smartphones, tablets, and other mobile computing devices. The complaint alleges that in an effort to thwart standard privacy settings and features, Turn deploys so-called “zombie cookies” that cannot be detected or deleted, and that track smartphone activity across various browsers and applications. This conduct allegedly violates consumer protection statutes and the common law.

How Turn Ignored Privacy Concerns

Most smartphones and browsers have standard features for clearing and blocking “cookies,” which are small pieces of data sent from a website and stored in a user’s web browser program, and which can be used to track the user’s Internet activity. According to the complaint, Turn’s own research found that 69% of users routinely delete cookies in order to “shield their online privacy,” and that the majority of people had serious privacy concerns with online tracking and profiling.

Nevertheless, Turn allegedly deploys cookies that evade detection or deletion — the cookies regenerate even if deleted by a smartphone user, prompting security experts to call them “zombie cookies” or “super cookies.” According to the complaint, Turn does this by secretly exploiting a feature of the routing processes of all Verizon customers’ mobile devices. This allows Turn to track and correlate Internet activity across the entire device. Turn’s surveillance, therefore, vastly eclipses traditional methods of gathering user data. Turn uses the data harvested by these cookies to build robust user profiles and sell targeted and profitable advertising. All of this is done without the user’s knowledge or consent.

The Plaintiffs allege that Turn’s conduct violates consumer protection laws and amounts to trespass. Plaintiffs seek injunctive and declaratory relief, restitution, and statutory and monetary damages.

Contact Lieff Cabraser

If you own a smart mobile device — for example, an iPhone or Android phone or tablet — and you have a Verizon data plan for that device, your privacy rights may have been violated by Turn. We welcome the opportunity to review your case and assist you in protecting your digital privacy.

Please use the form below to contact an attorney at Lieff Cabraser or call us toll-free and ask to speak to Lieff Cabraser attorney Nimish Desai at 1 800-541-7358. There is no charge or obligation for our review of your complaint.We will review your case without charge or obligation. Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please describe your concerns about Turn's tracking and privacy and your Verizon smartphone or tablet:

Please sign me up for your Consumer Law newsletter. Yes

Turbo Tax Identity Theft & Tax Fraud

Digital privacy and data security

Issue: Identity theft and tax fraud

Lieff Cabraser represents identity theft victims in a nationwide class action lawsuit against Intuit for allegedly failing to protect consumers’ data from foreseeable and preventable breaches, and facilitating the filing of fraudulent tax returns through its TurboTax software program. TurboTax is used on an estimated 30 million tax returns for American taxpayers every year.

Intuit TurboTax Lawsuit Allegations

The complaint alleges that Intuit knew of the widespread use of TurboTax software for the filing of fraudulent returns, but failed to adopt basic cyber security policies to prevent user data access and misuse by hackers and other cybercriminals, and as a result, fraudulent tax returns were filed in the names of the plaintiffs and thousands of other individuals across America.

“Rather than safeguarding customers’ personal and financial information, the complaint charges that Intuit facilitated identity theft and tax fraud by failing to adopt security measures that would have kept criminals from stealing sensitive data on potentially millions of consumers,” stated Lieff Cabraser attorney Michael W. Sobol.

In the case of one plaintiff, she used TurboTax in 2010 to file her federal and state 2010 tax returns. Thereafter, she no longer used the program to file tax returns. In March 2015, four years after she used the program, she received a bill from TurboTax for $242 for the purported electronic filing of 2014 tax returns in Michigan, Ohio, and Oklahoma, and for filing a federal home and business return. Fraudulent tax returns were filed in all of these jurisdictions in the plaintiff’s name.

Another plaintiff neither purchased TurboTax nor provided any personal and sensitive information to Intuit through TurboTax. Nevertheless, the plaintiff learned that fraudulent federal tax return was filed earlier this year in her name through TurboTax.

Relief Sought from Intuit

The complaint seeks damages and injunctive relief, including an order requiring Intuit to implement stricter cyber security measures that will adequately safeguard customer personal and financial information.

Contact Lieff Cabraser

If you have been victimized by identify theft and/or a fraudulent tax return was filed in your name using TurboTax software, we welcome the opportunity to review your claim. There is no charge or obligation for our review of your case.

We will review your case without charge or obligation. Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Did you purchase Intuit's TurboTax?

If you answered 'yes' above, what year(s)?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

Sony Data Breach

Digital privacy and data security

Issue: Failure to safeguard confidential employee records
Result: $8 million settlement

Lieff Cabraser served as Plaintiffs’ Co-Lead Counsel in class action litigation against Sony for its failure to take reasonable measures to secure the data of its employees from hacking and other attacks. In October 2015, an $8 million settlement was reached under which Sony will reimburse employees for losses and harm.

In 2014, hackers stole the personally identifiable information of thousands of current and former Sony employees and their families (including Social Security Numbers, addresses, salaries and other employment information, and medical information), and published some of the information on the Internet.  In April 2016, the Court approved a class settlement that provides for up to $4.5 million to reimburse class members for their losses, and also provides class members with two additional years of identity protection services.

In rejecting Sony’s motion to dismiss the core allegations of the lawsuit, the Court stated, “It is reasonable to infer that the data breach and resulting publication of plaintiffs’ [personal identifying information] has drastically increased their risk of identity theft, relative to both the time period before the breach, as well as to the risk born by the general public.” The Court added, “It is commonly known that the consequences resulting from identity theft can be both serious and long-lasting.”

Sony Data Hack Lawsuit Allegations

The complaint, filed on December 18, 2014, charged that Sony owed a duty to take reasonable step to secure the data of its employees from hacking. Sony allegedly breached this duty by failing to properly invest in adequate IT security, despite having already succumbed to one of the largest data breaches in history only three years ago.

The complaint alleged that Sony’s acts and omissions constituted negligence and violated California law including the California data breach notification and medical records retention statutes. The lawsuit sought damages and injunctive relief.

Proposed Class

The class action lawsuit was filed on behalf of all current and former employees of Sony, and their families, within the United States whose personally identifiable information was compromised by the recent data breach.

Google Street View

Google street view car

Issue: Interception of private communications

Lieff Cabraser serves as Plaintiffs’ Liaison Counsel in multi-district litigation in federal court in San Francisco against Google arising out of its interception of electronic communications by Google’s Street View vehicles.

Google Street View vehicles are equipped with cameras to take 360 degree views of streets and 3G/GSM/Wi-Fi antennas with custom-designed software for the capture and storage of wireless signals and data. Since 2007, Google has deployed its Street View vehicles across the U.S.Plaintiffs are individuals who reside in various states and who maintained a Wi-Fi network in their homes. They used their Wi-Fi connection to send and receive private data, including usernames, passwords and personal email messages.

Google Street View Privacy Case Status

Following argument by Lieff Cabraser founding partner Elizabeth Cabraser, in September 2013 the Ninth Circuit Court of Appeals held that federal privacy law applies to residential Wi-Fi networks and that personal information transmitted over Wi-Fi is protected against unauthorized interception. The holding was hailed as “a landmark decision for Internet privacy.” The District Court has authorized an independent expert to search the data intercepted by Google to determine the extent of access to the class representatives’ private information.

Plaintiffs’ Street View Case Allegations

The Consolidated Class Action complaint charges that Google’s Street View vehicles not only collect images for inclusion in Google Maps and Google Earth, but also are secretly imbedded with a wireless sniffer system (also referred to as a packet analyzer) that intercepts electronic communications and other data transmitted over class members’ wireless network. While Google issued press releases disclosing its intent to utilize the vehicles to take photos, it failed to disclose its intent to capture Wi-Fi data. Google has stored class members’ data on its servers, and the data includes email messages, usernames, passwords and other private data.

The complaint charges that Google’s unauthorized interception of private Wi-Fi communications violates the federal Wiretap Act, state wiretap statutes, and California’s unfair business practices. The federal Wiretap Act imposes liability against any person or corporation that “intentionally intercepts, endeavors to intercept, … any wire, oral, or electronic communication.” 18 U.S.C. S 2511(1).

Contact Lieff Cabraser

If you are concerned that your privacy has been violated by the Google Street View data-gathering project, please use the form below to contact Lieff Cabraser to discuss your legal rights and remedies. All information will be held strictly confidential and there is no charge or obligation for our review of your case.We will review your claim without fee or obligation, and Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.

Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

Lifelock Identity Theft Protection Fraud

Data security digital privacy

Ebarle et al. v. LifeLock Inc., No. 3:15-cv-00258 (N.D. Cal.). Lieff Cabraser represented consumers who subscribed to LifeLock’s identity theft protection services in a nationwide class action fraud lawsuit. The complaint alleged LifeLock did not protect the personal information of its subscribers from hackers and criminals, and specifically that, contrary to its advertisements and statements, LifeLock lacked a comprehensive monitoring network, failed to provide “up-to-the-minute” alerts of suspicious activity, and did an inferior job of providing the same theft protection services that banks and credit card companies provide, often for free.

On September 21, 2016, U.S. District Judge Haywood Gilliam, Jr. granted final approval to a $68 million settlement of the case.

Facebook Message Scanning Privacy Lawsuit

Online privacy protection and data breach

Issue: Scanning of private messages

Lieff Cabraser represents plaintiffs in litigation against Facebook for allegedly scanning and intercepting users’ private email messages on its social network. In December 2013 Facebook users represented by Lieff Cabraser and co-counsel filed a nationwide class action lawsuit alleging that Facebook intercepts certain private data in users’ personal and private e-mail messages on the social network and profits by sharing that information with third parties.

May 2, 2017 Update re Case Settlement

On April 26, 2017, a Northern District of California Federal Court granted preliminary settlement approval to a class action, filed December 31, 2013, alleging that Facebook intercepted the content of Facebook messages, without consent, in violation of the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510, et seq. and Cal. Penal Code §§ 630, et seq. The settlement class includes all natural-person Facebook users located within the United States and its territories who have sent, or received from a Facebook user, private messages that included URLs in their content (and from which Facebook generated a URL attachment), from December 30, 2011 to March 1, 2017.

As part of the injunctive-relief-only settlement, Facebook has confirmed that the challenged conduct has ceased—namely, Facebook confirms that it no longer utilizes data from URLs within private messages to (1) generate recommendations to its users; (2) share user data with third parties; or (3) increase “like” counter numbers on third party websites. In addition, during the course of this litigation, Facebook made changes to its operative disclosures to its users, stating that it collects the “content and other information” that people provide when they “message or communicate with others,”—thereby further explaining the ways in which Facebook may use that content. Facebook has also agreed to display additional educational language on its United States website for Help Center materials concerning its processing of URLs shared within messages.

On August 9, 2017, at 9 a.m., at the United States District Court for the Northern District of California, Oakland Courthouse, Courtroom 3 – 3rd Floor, 1301 Clay Street, Oakland, California 94612, before the Honorable Phyllis L. Hamilton, the Court will hold a hearing to determine whether final approval of this class action settlement is appropriate. If approved, class members will release their ability to seek or obtain any other injunctive relief related to the claims asserted in this lawsuit. Class members will not release any claims for monetary relief.

Class Counsel’s motion in support of final approval of the settlement, and application for attorneys’ fees, costs and expenses not to exceed $3.9 million, including a service award of $5,000 for each of the two Class Representatives, will be filed no later than May 26, 2017. Class members may submit comments or objections to the settlement or the requested fees and expenses. Any opposition, comment, or objection must be filed or mailed to the Court as described at paragraphs 9-11 of the Court’s Order granting Preliminary Approval and available at the link below, no later than June 26, 2017.

You may view the settlement agreement and other related documents (including Plaintiffs’ Motion for Preliminary Approval of Class Action Settlement, the Court’s Order Granting Preliminary Approval of Class Action Settlement, Plaintiffs’ Motion for Final Approval of Class Action Settlement, Plaintiffs’ Motion for Award of Attorneys’ Fees and Incentive Awards, and any opposition or reply papers related to these motions) as these documents become available by clicking on the relevant highlighted text in this paragraph.

Plaintiffs and the Class are represented by Carney Bates & Pulliam, PLLC and Lieff, Cabraser, Heimann & Bernstein, LLP.

Types of Communications Offered on Facebook

Facebook describes the communication options it offers users as, in relevant part, “[d]epending on whom you’d like to share with.” The options range from the broadest possible audience (a post which the public may see, including via searches on the internet), to posts viewable by small groups of friends, to Facebook messages shared “privately” with a single individual. Facebook claims the privacy of its messaging function as “unprecedented” in terms of user control and the prevention of unwanted contact.

The Facebook Alleged Privacy Violation Explained

The complaint alleges that when a user composes a private Facebook message and includes a link to a third party website (a “URL”), Facebook does not treat this message as private. Instead, Facebook scans the content of the message, follows the enclosed link, and searches for information to profile the message-sender’s web activity. This enables Facebook to mine aspects of user data and profit from that data by sharing it with third parties – namely, advertisers, marketers, and other data aggregators.

Almost all of Facebook’s revenues come from third party advertisements that are targeted at users based upon their personal data. “The alleged concealed scanning of private user messages serves as a means for Facebook to gather data to be employed in Facebook’s marketing efforts,” stated attorney Michael W. Sobol, the chair of Lieff Cabraser’s consumer protection practice group.

The complaint alleges that Facebook’s scanning of the private messages of its users violates the federal Electronic Communications Privacy Act and California privacy and unfair competition laws.

Contact Lieff Cabraser

If you wish to report any alleged privacy violations by Facebook or other internet companies, please contact us by filling out the form below. All information you provide will be held confidential and there is no charge or obligation for our review of your complaint.

We agree to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law. Please describe your complaint.

Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State/Country

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

Carrier IQ Privacy Litigation

Cybersecurity and Data Privacy

Issue: Smartphone tracking software
Result: $9 million settlement

Lieff Cabraser represented plaintiffs in class action litigation alleging that Carrier IQ, Inc., and other smartphone manufacturers violated privacy laws by installing Carrier IQ’s user tracking software, called IQ Agent, on the plaintiffs’ smartphones.

IQ Agent was installed on many Android smartphones and on an estimated 140 million mobile devices worldwide. The software tracked users’ keystrokes, passwords, apps, text messages, photos, videos, and other personal information.

Without notifying users or obtaining consent, IQ Agent recorded and transmitted this data to cellular carriers. The data was then analyzed and segmented, including by equipment and subscriber identification numbers. IQ Agent could not be removed and could not be detected by users lacking advanced computing skills.

In 2016, the Court granted final approval of a $9 million settlement plus injunctive relief provisions.

Contact Lieff Cabraser

If you are concerned about the security of your information on your mobile device, please use the form below to contact Lieff Cabraser or call a Lieff Cabraser consumer rights attorney at 1 800-541-7358. There is no charge or obligation for our review of your complaint.

We will review your case without charge or obligation. Lieff Cabraser agrees to protect your name and all confidential information you submit against disclosure, publication or unauthorized use to the full extent under the law.Please note: Completion of this form cannot contractually obligate plaintiffs’ attorneys to represent you. We can only serve as your attorney if you and we both agree, in writing, that we will serve as your counsel.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes

Trademark Notice

Android is a registered trademark of Google, Inc. The use of this trademark is for informational and product identification purposes only. Lieff Cabraser is in no way affiliated with Google, Inc.