Privacy & Cybersecurity

Lieff Cabraser’s Privacy & Cybersecurity practice group is a nationally-recognized leader in the pursuit of preserving people’s privacy against the pervasive intrusions of digital technology into our all aspects of our daily lives. Lieff Cabraser has a proven and track record of successfully taking-on the powerhouses of Big Data and social media. The Privacy & Cybersecurity practice group’s honors include the National Law Journal’s 2019 Elite Trial Lawyers award for privacy and data breach litigation and Law360’s 2017 Data Privacy Practice Group of the Year.

Privacy Faces its Greatest Challenge in the Digital Age

Today, much of our work, commerce, finances, and communications and interactions with others, take place through the technology of the digital world. Digital technology is everywhere we go, and with the proliferation of “smart” devices, we go everywhere with it. As a result, intrusions into our lives, whether on purpose or by accident, are inevitable, and the opportunity to share and profit from the private facts of our lives is unprecedented and nearly limitless. We appreciate the convenience that these technologies bring, but have come to rightfully be concerned that, quite apart from the services these technologies provide, their incredible computing power and ability to aggregate data threatens us with near constant surveillance and commercial and political manipulation.

Lieff Cabraser’s Privacy & Cybersecurity practice group is committed to holding the line against abuses of the awesome power of this technology, and to preserving our society’s time-honored values of privacy, self-determination, and independent thought that allows our Democracy to flourish.

Lawyers Dedicated to Preserving Privacy

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes.

Our attorneys have the experience and technical expertise necessary to successfully litigate a comprehensive range of privacy claims. We represent individuals in precedent-setting cases against powerful technology, social media, healthcare, and entertainment companies, as we aim to reaffirm and enforce the privacy protections that the law provides to secure the most sensitive personal information of citizens here and around the world.

Significant Digital Privacy Lawsuits

  • Balderas v. Tiny Lab Productions, et al., Case 6:18-cv-00854 (D. New Mexico). Lieff Cabraser, with co-counsel, is working with the Attorney General of the State of New Mexico to represent parents, on behalf of their children, in a federal lawsuit seeking to protect children in the state from a foreign developer of child-directed apps and its marketing partners, including Google’s ad network, Google AdMob. The lawsuit alleges that Google, child-app developer Tiny Lab Productions, and their co-defendants surreptitiously harvested children’s personal information for profiling and targeting children for commercial gain, without adequate disclosures and verified parental consent. When children played Tiny Lab’s gaming apps on their mobile devices, Defendants collected and used their personal data, including geolocation, persistent identifiers, demographic characteristics, and other personal data in order to serve children with targeted advertisements or otherwise commercially exploit them. The apps at issue, clearly and indisputably designed for children, include Fun Kid Racing, Candy Land Racing, and GummyBear and Friends Speed Racing. The action largely survived a motion to dismiss in spring 2020 and seeks redress under the federal Children’s Online Privacy Protection Act and the common law.  The parties are currently in discovery.
  • McDonald, et al. v. Kiloo A/S, et al., No. 3:17-cv-04344-JD; Rushing, et al. v. The Walt Disney Co., et al., No. 3:17-cv-04419-JD; Rushing v. ViacomCBS, et al., No. 3:17-cv-04492-JD (N.D. Cal.). In three related actions, Lieff Cabraser, with co-counsel, represents parents whose children’s right to privacy was violated when their personal data was surreptitiously transmitted while playing child-directed mobile gaming apps. Specifically, Plaintiffs allege that app developers and their mobile advertising partners (developers of so-called “software development kits” or “SDKs”) collected personally identifying data (e.g., device identifiers and location data) through six apps (Subway Surfers, Where’s My Water? (Paid), Where’s My Water (Free/Lite), Where’s My Water? 2, Princess Palace Pets, and Llama Spit Spit), and used that data to monetize their apps through targeted behavioral advertising—without the knowledge of child users or their parents. In May 2019, U.S. District Judge James Donato issued an order largely denying the defendants’ motions to dismiss. Plaintiffs then pursued their claims (i) for intrusion upon seclusion and a violation of the constitutional right to privacy under California law, (ii) under the California Unfair Competition Law, (iii) under the Massachusetts statutory right to privacy, and (iv) under New York General Business Law Section 349.
    On September 24, 2020, the district court preliminarily approved sixteen class settlements with all defendants in these actions. The settlements provide stringent and wide-ranging privacy protections (in many cases exceeding federal regulations) and meaningful changes to defendants’ business practices, ensuring participants in the largely unpoliced mobile advertising industry proactively protect children’s privacy in thousands of apps popular with children. A final approval hearing is scheduled for December 17, 2020.
  • In re Google LLC Street View Electronic Communications Litigation, No. 3:10-md-021784-CRB (N.D. Cal.). Lieff Cabraser represents individuals whose right to privacy was violated when Google intentionally equipped its Google Maps “Street View” vehicles with Wi-Fi antennas and software that collected data transmitted by those persons’ Wi-Fi networks located in their nearby homes. Google collected not only basic identifying information about individuals’ Wi-Fi networks, but also personal, private data being transmitted over their Wi-Fi networks such as emails, usernames, passwords, videos, and documents. Plaintiffs allege that Google’s actions violated the federal Wiretap Act, as amended by the Electronic Communications Privacy Act. On September 10, 2013, the Ninth Circuit Court of Appeals held that Google’s actions are not exempt from the Act.
    On March 20, 2020, U.S. District Judge Charles R. Breyer granted final approval to a $13 million settlement over Google’s illegal gathering of network data via its Street View vehicle fleet. Given the difficulties of assessing precise individual harms, the innovative settlement, which is intended in part to disincentivize companies like Google from future privacy violations, will distribute its monies to eight nonprofit organizations with a history of addressing online consumer privacy issues. Judge Breyer’s order to distribute the settlement funds to nonprofit organizations is currently on appeal.
  • In re Google LLC Location History Litigation, No. 5:18-cv-05062-EJD (N.D. Cal.).  Lieff Cabraser serves as Co-Lead Interim Class Counsel representing individuals whose locations were tracked, and whose location information was stored and used by Google for its own purposes after the consumers disabled a feature that was supposed to prevent Google from storing a record of their locations. Plaintiffs allege that, for years, Google deliberately misled its users that their “Location History” settings would prevent Google from tracking and storing a permanent record of their movements, when in fact despite users’ privacy settings, Google did so anyway.  Plaintiffs allege that Google’s conduct violates its users’ reasonable expectations of privacy and is unlawful under the California Constitutional Right to Privacy and the common law of intrusion upon seclusion, as well as giving rise to claims for unjust enrichment and disgorgement.
  • In re: Marriott Int’l Customer Data Sec. Breach Litig., 19-md-2879 (D. Md.). Lieff Cabraser serves as a member of the Steering Committee in class action litigation against Marriott International Inc. and Accenture PLC for a 2018 data breach of Starwood Hotels affecting more than 300 million U.S. citizens. Plaintiffs allege that Marriott failed to fulfill its legal duty to protect its customers’ sensitive personal and financial information, causing class members’ personally identifying information, including credit cards and passport numbers, to be exfiltrated by cybercriminals. In February 2020, U.S. District Court Judge Paul Grimm granted in part, and denied in part, Marriott’s motion to dismiss. Critically, the Court held that Plaintiffs have standing to bring their claims and that they properly alleged several tort, contract, and consumer protection claims.
  • In re: American Medical Collection Agency, Inc., Customer Data Sec. Breach Litig., No. 19-md-2904 (D. N.J.).  Lieff Cabraser serves as Co-Lead Counsel on the Quest track in class action litigation against Quest Diagnostics Inc., Laboratory Corporation of America, and other blood testing and diagnostic companies that shared, or facilitated the sharing of, customers’ personal identifying financial and health information with a third-party debt collector American Medical Collection Agency. Plaintiffs allege that Quest (and other blood-testing labs) failed to fulfill its legal duty to protect customers’ sensitive personal, financial, and health information by sharing it with a third-party that lacked adequate data security. The complaints against each lab company allege that they were negligent, unjustly enriched, and violated numerous state consumer protection statutes.
  • In re Plaid Inc. Privacy Litig., No. 4:20-cv-03056 (N.D. Cal.). Lieff Cabraser serves as Co-Lead Interim Class Counsel in a class action lawsuit alleging that Plaid Inc., a financial technology company, invaded consumers’ privacy in their financial affairs. Plaid provides third-party bank account authentication services for several well-known payment apps, such as Venmo, Coinbase, Square’s Cash App, and Stripe. Plaintiffs allege that Plaid uses login screens that misleadingly look like those of real banks to obtain consumers’ banking account credentials, and subsequently uses consumers’ credentials to access their bank accounts and improperly take their banking data. Plaintiffs argue that Plaid’s intrusions violate established social norms, and expose consumers to additional privacy risks. The lawsuit asserts claims under state and federal consumer protection and privacy laws and seeks monetary as well as injunctive (practice change) relief to stop the conduct and purge all improperly obtained data.

Successes

  • In re Anthem, Inc. Data Breach Litig., No. 5:15-md-02617 (N.D. Cal.). Lieff Cabraser served on the Plaintiffs’ Steering Committee representing individuals in a class action lawsuit against Anthem for its alleged failure to safeguard and secure the medical records and other personally identifiable information of its members. The second largest health insurer in the U.S., Anthem provides coverage for 37.5 million Americans. Anthem’s customer database was allegedly attacked by international hackers on December 10, 2014. Anthem says it discovered the breach on January 27, 2015, and reported it about a week later on February 4, 2015. California customers were informed around March 18, 2015. The theft included names, birth dates, social security numbers, billing information, and highly confidential health information. The complaint charged that Anthem violated its duty to safeguard and protect consumers’ personal information, and violated its duty to disclose the breach to consumers in a timely manner. In addition, the complaint charged that Anthem was on notice about the weaknesses in its computer security defenses for at least a year before the breach occurred.
    In August 2018, Judge Lucy H. Koh of the U. S. District Court for the Northern District of California granted final approval to a class action settlement which required Anthem to undertake significant additional cybersecurity measures to better safeguard information going forward, and to pay $115 million into a settlement fund from which benefits to settlement class members will be paid.
  • Matera v. Google Inc., No. 5:15-cv-04062 (N.D. Cal.). Lieff Cabraser served as Co-Lead Class Counsel representing consumers in a digital privacy class action against Google Inc. over claims the popular Gmail service conducted unauthorized scanning of email messages to build marketing profiles and serve targeted ads. The complaint alleged that Google routinely scanned email messages that were sent by non-Gmail users to Gmail subscribers, analyzed the content of those messages, and then shared that data with third parties in order to target ads to Gmail users, an invasion of privacy that violated the California Invasion of Privacy Act and the federal Electronic Communications Privacy Act. In February 2018, Judge Lucy H. Koh of the U. S. District Court for the Northern District of California granted final approval to a class action settlement. Under the settlement, Google made business-related changes to its Gmail service, as part of which, Google will no longer scan the contents of emails sent to Gmail accounts for advertising purposes, whether during the transmission process or after the emails have been delivered to the Gmail user’s inbox. The proposed changes, which will not apply to scanning performed to prevent the spread of spam or malware, will run for at least three years.
  • Campbell v. Facebook, No. 4:13-cv-05996 (N.D. Cal.). Lieff Cabraser serves as Co-Lead Class Counsel in a nationwide class action lawsuit alleging that Facebook intercepts certain private data in users’ personal and private messages on the social network and profits by sharing that information with third parties. When a user composes a private Facebook message and includes a link (a “URL”) to a third party website, Facebook allegedly scans the content of the message, follows the URL, and searches for information to profile the message-sender’s web activity. This enables Facebook to data mine aspects of user data and profit from that data by sharing it with advertisers, marketers, and other data aggregators. In December 2014, the Court in large part denied Facebook’s motion to dismiss. In rejecting one of Facebook’s core arguments, U.S. District Court Judge Phyllis Hamilton stated: “An electronic communications service provider cannot simply adopt any revenue-generating practice and deem it ‘ordinary’ by its own subjective standard.” In August of 2017, Judge Hamilton granted final approval to an injunctive relief settlement of the action. As part of the settlement, Facebook has ceased the offending practices and has made changes to its operative relevant user disclosures.
  • Ebarle et al. v. LifeLock Inc., No. 3:15-cv-00258 (N.D. Cal.). Lieff Cabraser represented consumers who subscribed to LifeLock’s identity theft protection services in a nationwide class action fraud lawsuit. The complaint alleged LifeLock did not protect the personal information of its subscribers from hackers and criminals, and specifically that, contrary to its advertisements and statements, LifeLock lacked a comprehensive monitoring network, failed to provide “up-to-the-minute” alerts of suspicious activity, and did an inferior job of providing the same theft protection services that banks and credit card companies provide, often for free. On September 21, 2016, U.S. District Judge Haywood Gilliam, Jr. granted final approval to a $68 million settlement of the case.
  • In re Carrier IQ Privacy Litigation, MDL No. 2330 (N.D. Cal.). Lieff Cabraser represented a plaintiff in Multi-District Litigation against Samsung, LG, Motorola, HTC, and Carrier IQ alleging that smartphone manufacturers violated privacy laws by installing tracking software, called IQ Agent, on millions of cell phones and other mobile devices that use the Android operating system. Without notifying users or obtaining consent, IQ Agent tracks users’ keystrokes, passwords, apps, text messages, photos, videos, and other personal information and transmits this data to cellular carriers. In a 96-page order issued in January 2015, U.S. District Court Judge Edward Chen granted in part, and denied in part, defendants’ motion to dismiss. Importantly, the Court permitted the core Wiretap Act claim to proceed as well as the claims for violations of the Magnuson-Moss Warranty Act and the California Unfair Competition Law and breach of the common law duty of implied warranty. In 2016, the Court granted final approval of a $9 million settlement plus injunctive relief provisions.
  • Perkins v. LinkedIn Corp., No. 13-cv-04303-LHK (N.D. Cal.). Lieff Cabraser represented individuals who joined LinkedIn’s network and, without their consent or authorization, had their names and likenesses used by LinkedIn to endorse LinkedIn’s services and send repeated emails to their contacts asking that they join LinkedIn. On February 16, 2016, the Court granted final approval to a $13 million settlement, one of the largest per-class member settlements ever in a digital privacy class action. In addition to the monetary relief, LinkedIn agreed to make significant changes to Add Connections disclosures and functionality. Specifically, LinkedIn revised disclosures to real-time permission screens presented to members using Add Connections, agreed to implement new functionality allowing LinkedIn members to manage their contacts, including viewing and deleting contacts and sending invitations, and to stop reminder emails from being sent if users have sent connection invitations inadvertently.
  • Corona v. Sony Pictures Entertainment, No. 2:14-cv-09660-RGK (C.D. Cal.). Lieff Cabraser served as Plaintiffs’ Co-Lead Counsel in class action litigation against Sony for failing to take reasonable measures to secure the data of its employees from hacking and other attacks. As a result, personally identifiable information of thousands of current and former Sony employees and their families was obtained and published on websites across the Internet. Among the staggering array of personally identifiable information compromised were medical records, Social Security Numbers, birth dates, personal emails, home addresses, salaries, tax information, employee evaluations, disciplinary actions, criminal background checks, severance packages, and family medical histories. The complaint charged that Sony owed a duty to take reasonable steps to secure the data of its employees from hacking. Sony allegedly breached this duty by failing to properly invest in adequate IT security, despite having already succumbed to one of the largest data breaches in history only three years ago. In October 2015, an $8 million settlement was reached under which Sony agreed to reimburse employees for losses and harm.
  • In re Intuit Data Litig., No. 5:15-cv-01778-EJD (N.D. Cal.). Lieff Cabraser represented identity theft victims in a nationwide class action lawsuit against Intuit for allegedly failing to protect consumers’ data from foreseeable and preventable breaches, and by facilitating the filing of fraudulent tax returns through its TurboTax software program. The complaint alleged that Intuit failed to protect data provided by consumers who purchased TurboTax, used to file an estimated 30 million tax returns for American taxpayers every year, from easy access by hackers and other cybercriminals. The complaint further alleged that Intuit was aware of the widespread use of TurboTax exclusively for the filing of fraudulent tax returns. Yet, Intuit failed to adopt basic cyber security policies to prevent this misuse of TurboTax. As a result, fraudulent tax returns were filed in the names of the plaintiffs and thousands of other individuals across America, including persons who never purchased TurboTax. In May 2019, Judge Edward J. Davila of the U. S. District Court for the Northern District of California granted final approval to a settlement that provided all class members who filed a valid claim with free credit monitoring and identity restoration services, and required Intuit to commit to security changes for preventing future misuse of the TurboTax platform.
“We are now into a whole unexplored, but sensitive, area dealing with privacy in the cyberworld . . . . [T]his is an area that will foment practices, litigation, jurisprudence, and I think it’s worthwhile.”
–U.S. District Judge, September 2019, approving preliminary settlement in Lieff Cabraser’s Google Street View Litigation

Contact Us

Please use the form below to contact a digital privacy attorney at Lieff Cabraser. You can also call us toll-free at 1 800 541-7358. There is no charge or obligation for our review of your case. The information you provide will help us hold companies accountable for their failures to properly secure and protect personal user information in every sphere of modern life.


First Name (required)

Last Name (required)

Email address (required)

Street Address

City

State

Zip

Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Comments or additional information:

Please sign me up for your Consumer Law newsletter. Yes


Lieff Cabraser’s Cases in Digital Privacy


CaseIssue
Anthem Patient Data BreachFailure to safeguard private medical data
Facebook MessagesImproper Scanning of private messages
Google Street ViewInterception of private communications
Plaid Financial Privacy ViolationsImproper acquisition of private banking data
Quest DiagnosticsFailure to safeguard private medical and financial data
TurboTaxIdentity theft and tax fraud
Turn Web Tracking SoftwareSmartphone "zombie" cookies
VTech Child Data BreachFailure to safeguard child data


CaseAllegation
Plaid Privacy ViolationsPrivacy violations


CaseResult
Carrier IQ Privacy$9 million settlement (2016)
Sony Data Breach$8 million settlement
LinkedIn "Add Connections"$13 million settlement (2016)
AT&T and NSA SurveillanceAT&T Granted Immunity by Congress; lawsuit halted (2008)