Data breach class actions seek to hold companies responsible for lack of security

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Data breach class action lawsuits overview: 

• Who: Multiple companies disclosed this month that they were the victims of data breaches, including Marriott International, Mangatoon and Professional Finance Company.
• Why: Companies and brands are increasingly affected by data breaches, which have led to a wave of class action lawsuits and class action settlements. 
• Where: Data breaches have affected companies and consumers nationwide. 

A scourge of data breaches affecting brands big and small has made cybersecurity a top priority for companies across the United States. 

Consumers are also taking cybersecurity seriously as data breaches put their privacy at risk by exposing their personally identifiable information to potentially bad actors looking to profit off it.  

Attempting to hold companies accountable for their data security practices has become a frequent reason for recent class action lawsuits and, in a number of cases, subsequent class action settlements. 

Mangatoon, Marriott, PFC disclose data breaches this month

Companies reported a number of data breaches in the month of July alone with cybersecurity incidents affecting companies in the health care, hospitality and financial industries, among others. 

Mangatoon, as one example, said earlier this month that it fell victim to a data breach in May that it says exposed the personal information of 23 million of its users.

The comic reading platform disclosed that hackers were able to access its systems by breaking in through an unsecured Elasticsearch database.

The account names, email addresses, genders, social media account identities and auth tokens related to salted MD5 password hashes and social logins of users were reportedly exposed in the Mangatoon data breach. 

Marriott International also confirmed this month that it was hit with a data breach in June that it says exposed 20 gigabytes of sensitive data, including guests’ and workers’ confidential and credit card info. 

The data breach reportedly occurred after hackers were able to trick a Marriott employee into granting them access to the hotel group’s computer systems. 

Marriott has said that, in addition to already informing law enforcement, it is preparing to notify 300 to 400 individuals it believes may have been affected by the data breach. 

Professional Finance Company, meanwhile, announced earlier this month that it was hit by a February data breach that it says exposed the data of more than 650 healthcare providers, potentially affecting 1.9 million patients across the US. 

The Colorado-based debt collection firm says hackers were able to access patients’ names, addresses and outstanding balances, among other information related to their accounts. 

Also this month, consumers accused LendingTree of failing to have adequate data security policies in place to prevent a February data breach and waiting more than four months to disclose the incident to consumers.

The data breach exposed the incredibly sensitive personal information of more than 200,000 consumers, according to the data breach class action. 

The consumer behind the class action lawsuit claims hackers exploited a vulnerability in coding in LendingTree’s computer systems on account of its “inadequate data security protocols.” 

Data breaches costliest to fix in U.S., health care providers warned to not pay ransoms to North Korean hackers 

While security risks put companies and brands at risk of data breach class actions, they also are costly to recover from, particularly in the United States. 

A recent report by global digital identity company ForgeRock revealed it costs U.S. companies an average of $9.5 million to recover from falling victim to a data breach — the highest amount in the world. 

The Federal Bureau of Investigation (FBI), Treasury Department and Cybersecurity Infrastructure Security Agency (CISA), meanwhile, warned health care providers not to pay ransoms to hackers from North Korea. 

The government agencies warned health care providers that they may be subject to sanctions for deciding to cooperate with hacking groups from North Korea requesting a ransom payment. 

The FBI, Treasury and CISA urged health care providers to bolster their data security practices by using encryption, monitoring devices, and limiting access to sensitive health data. 

Data breach class actions lead to number of recent settlements

Data breach class actions have also led to a number of recent settlements. 

Earlier this month, Claire’s agreed to pay $350,000 to put an end to claims that it mismanaged a data breach in 2020 that led to consumers having their information compromised. 

The Office of Personnel Management and its contractor Peraton also agreed to a class action settlement this month that will pay $63 million to consumers affected by data breaches that occurred in 2013, 2014 and 2015. 

Timios, meanwhile, agreed to a class action settlement this month that will resolve claims the real estate solutions company failed to protect consumer data during a data breach last year. 

And Capital One also agreed to end claims revolving around a data breach, when, in May, the bank holding company agreed to pay $190 million to end allegations it put its customer’s data at risk during a 2019 data breach. 

If you were affected by a data breach, you might qualify to participate in a data breach lawsuit.

Read About More Class Action Lawsuits & Class Action Settlements:

• Walmart recalls, class action lawsuits pile up in 2022
• Anheuser-Busch settles false advertising lawsuit over Ritas brand alcoholic beverages
• Apple iPhone 4S iOS 9 update $20M class action settlement
• Family Dollar recall announced for large number of OTC medical products