Data Breach and Privacy Lawsuits

At Girard Gibbs LLP, our attorneys have represented people across the country whose privacy rights have been violated. We represent these people in a legal proceeding known as a class action lawsuit, which allows many people who were subject to the same privacy violation to join together to bring legal claims for violations of their rights.

If you have a question about one of the cases below or would like to discuss a potential case with one of our privacy lawyers, please complete the form to the right or call us toll-free at (866) 981-4800.

America’s JobLink Data Breach Lawsuit Investigation


America’s JobLink (AJL), a multi-state web-based system that links job seekers with employers, announced on March 22, 2017 that a “malicious third party hacker” gained access to AJL systems. AJL stated that the hacker “exploited a vulnerability in the AJL application code” to view job seekers’ names, Social Security numbers, and birth dates. The breach may have compromised personal information of individuals in at least ten states, including: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont.

Banner Health Data Breach Lawsuit


Girard Gibbs’ data breach attorneys represent the patients, insureds, doctors, and others affected by the data breach at Banner Health in the summer of 2016. Banner Health announced the breach on August 2, 2016, saying it may have exposed the personal health and other sensitive information of up to 3.7 million people.  Banner said the hackers accessed medical records and payment card information used to buy food and beverages at Banner locations.

Wendy’s Data Breach Lawsuit Investigation


Our data breach attorneys are investigating reports about a potential data breach at Wendy’s fast food restaurants. Both Wendy’s customers and local credit unions have reported a pattern of unusual credit card activity in certain Wendy’s stores, leading to fraud, including unauthorized charges or debits in customers’ accounts.

Experian T-Mobile Data Breach Investigation


Experian credit bureau announced on October 1 ,2015 that one of its business units was hacked by “an unauthorized party,” leaving the personal information of 15 million T-Mobile wireless subscribers and potential customers exposed. The hackers gained access to customers’ names, Social Security numbers, home addresses, birthdates, passport identification numbers, driver’s license numbers, and other personal information. Experian states that “no payment card or banking information was acquired” in the data breach.

Excellus BlueCross and BlueShield Hacked


On September 9, 2015, Excellus BlueCross and BlueShield announced that it was targeted in a cyberattack in which the personal information of more than 10 million people was exposed. According to Excellus, attackers could have accessed information including names, dates of birth, Social Security numbers, addresses, financial account information, and even medical claim information. According to an article by Wired, Excellus spokesperson Kevin Cane stated that the breached financial information also included credit card numbers.

Office of Personnel Management Data Breach


On June 5, 2015, the United States Office of Personnel Management (“OPM”) notified approximately 4 million federal employees its computer systems had been hacked and their personally identifiable information may have been stolen.  According to reports, hackers may have gained access to unencrypted names, addresses, social security numbers, telephone numbers, financial and medical records, foreign trips taken, children’s and relative’s names, names of neighbors and close friends, and more.  OPM maintains records for current, former, and prospective federal employees.  Recent reports indicate at least 14 million people may actually be affected.

OPM Data Breach Litigation


On June 4, 2015, the Office of Personnel Management (“OPM”) announced it would notify approximately four million current and former federal applicants and employees that its software system had been hacked and employees’ personal identifiable information (“PII”) had been stolen. In order to access the OPM’s database, hackers stole valid user credentials. By using credentials to get into the software system, hackers could sneak data out of the network over the Internet, hiding its activity internally among normal traffic. OPM has placed the blame on KeyPoint, a private OPM contractor that handles federal background checks, stating that hackers “leveraged a compromised KeyPoint users credential to gain access to the OPM network.”

Premera Blue Cross Hacked


On March 17, 2015, health insurer Premera Blue Cross announced that it had fallen victim to a “sophisticated cyberattack,” potentially exposing the personal information of up to 11 million Premera members. According to the company, hackers may have gained access to members’ addresses, email addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and medical claims information, including clinical information. Additionally, the email addresses, Social Security numbers, and bank account information of any non-members conducting business with Premera may have been exposed.

Anthem Data Breach


On February 9th, 2015, Girard Gibbs LLP filed a federal class action lawsuit against Anthem, Inc. on behalf of all current and former Anthem members and employees whose personal information was compromised as a result of the data breach announced in February 2015. The lawsuit alleges that Anthem failed to maintain reasonable and adequate security measures designed to prevent the attack or detect unauthorized network activity.  It also alleges that Anthem failed to encrypt its members’ data. 

Class Certification Granted in Yahoo Email Privacy Litigation


On May 26, 2015, the Honorable Lucy H. Koh of the U.S. District Court for the Northern District of California certified a national class and a California subclass in the case of In re Yahoo Email Litigation. The national class includes all persons in the United States who are not Yahoo Mail subscribers and who emailed with Yahoo Mail subscribers from October 2, 2011 to the present, or who will email with a Yahoo Mail subscriber in the future. The California class includes all persons in California who are not Yahoo Mail subscribers and who emailed with Yahoo Mail subscribers from October 2, 2012 to the present, or who will email with a Yahoo Mail subscriber in the future. The classes were certified under the federal Stored Claims Act (SCA) and California Invasion of Privacy Act (CIPA). The plaintiffs allege that Yahoo illegally scans and analyzes emails sent by non-Yahoo email subscribers to Yahoo email subscribers without first obtaining the senders’ consent, and uses the scanned data for advertising purposes.

Adobe Data Breach Class Action


Adobe Systems, Inc. announced a data breach which affected an estimated 2.9 million accounts, on October 4, 2013. The company was the target of a cyber-attack during July and August, 2013, in which customer information and source code for some of its products were compromised. The stolen customer information included user names, passwords, credit or debit card numbers and expiration dates.

Kmart Stores’ Payment Systems Hacked in Data Breach


On October 10, 2014, Kmart confirmed that its payment systems were breached, compromising its customers’ credit card and debit card information. According to Sears, which owns Kmart, the security breach potentially impacts customers who shopped in Kmart retail stores during the period of early September 2014 through October 9, 2014. It is still unclear at this time how many customers are affected. However, there are approximately 1,200 Kmart stores throughout the United States.

Sony Pictures Data Breach Litigation


On November 24, 2014, Sony Pictures Entertainment took its computer systems offline after a group of hackers breached the company’s network. The group that has claimed responsibility for the breach, Guardians of Peace, hacked into Sony Pictures’ computer systems, preventing staff from logging into their computers or accessing their corporate email accounts. The LA Times reported that the hackers warned Sony Pictures that they had obtained, and planned to release, internal company information. At the time, it was unclear what information had been taken, and cyber security experts said little was known about the hackers.

Health Net & IBM Privacy Breach Settlement


On December 10, 2013, Honorable Judge David Brown granted preliminary approval of a class action settlement in the Health Net data breach lawsuit. Filed in 2011, the lawsuit alleged that Health Net violated medical privacy laws when certain server drives that contained personal, medical, and/or financial information of patients went missing.