Our Data Privacy Lawyers in DC

A data breach occurs when an unauthorized third-party accesses, retrieves, or otherwise views confidential private information. Oftentimes, a data breach results from a company’s failure to properly safeguard consumer information. The breach could stem from inadequate digital security or simple employee negligence. In either case, the consequences can devastate a consumer’s privacy, financial security, and general reputation. Migliaccio & Rathod LLP’s data privacy lawyers in DC practice nationwide and are committed to providing meaningful relief for those impacted by a data breach. 

Please contact our public interest lawyers for a free consultation if you believe your private information has been compromised by a data breach. 


For information on Data Privacy Settlements visit Class Action Settlements & More.

Current Cases

Libman v. Apple, Inc., Case 5:23-cv-00505 (N.D Cal.).M&R has filed suit against Apple, alleging that, contrary to its privacy promises,  Apple tracks and collects an enormous wealth of data and personal information from its Mobile Device Consumers while they are using its apps, in spite of users having their privacy settings set to intentionally stop  any tracking of their usage and consequent sharing of their data usage with third parties. We allege Apple aggressively collects, transmits, exploits, and uses for its financial gain, details about consumers’ usage, browsing, communications, personal information, and even information relating to the Mobile Device itself, without the consent or authorization of Mobile Device Consumers.

B.M. through her mother Ashley Scott v. Musical.ly, Inc. Et Al, Case No. 2:19-cv-06851-PA-JEM (C.D. Cal.). Social networking app TikTok, previously known as Musically, has settled with the Federal Trade Commission for $5.7 million over allegations that the company violated the Children’s Online Privacy Protection Act, or COPPA. The act requires social networking apps or websites targeting children to acquire parental consent from users who are under 13 years of age before they start collecting personal data. The FTC found that, despite knowing that a substantial number of their users were children under age 13, Musically failed to notify parents or receive parental consent before collecting email addresses, names, and other personal information. Additionally, the company violated the COPPA Rule by failing to delete personal information at the request of parents.

 Doe v. Lastpass Us Lp, Case No.1:23cv10004 (D. Mass). Migliaccio & Rathod has filed suit against leading password manager, LastPass, for its alleged failure to protect sensitive customer data in the wake of a massive data breach that LastPass first disclosed in August 2022. At the time, LastPass reported that a threat actor had gained unauthorized access through a single developer account to portions of LastPass’s development environment, stealing “source code and some proprietary LastPass technical information.” However, the company recently provided an update on the data breach, saying the breach was worse than originally thought, and that hackers were also able to access customer personal information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses customers used to access LastPass services. The hackers also copied a backup of customer vault data that included unencrypted data, including website usernames and passwords, secure notes, and form-filled data.

Joaquin-Torres v. Nelnet Servicing, LLC, Case No. 4:22-cv-03196 (D. Neb.). M&R has filed suit against the student loan servicing giant Nelnet in a putative class action lawsuit.  Student loan borrowers allege that Nelnet failed to protect their personal data against a cyberattack, leading to an increased likelihood of identity theft.

Stewart v. Practice Resources, Case No. 6:22-cv-00890 (N.D.N.Y.). Migliaccio & Rathod LLP has filed suit against the Syracuse, New York-based Practice Resources, LLC (“PRL”), a medical billing and information technology company that provides services to various healthcare entities, for failing to safeguard sensitive patient information in a data breach that was reported in August of 2022. In the latest update in this matter, our firm has been appointed lead counsel.

Hepworth v. Wyze Labs, Inc, Case No. 2:22-cv-00752 (W.D. Wash.). Migliaccio & Rathod LLP recently filed suit against Wyze Labs, Inc. (“Wyze”) for failure to disclose to purchasers a major security vulnerability in the Wyze Cam v1, v2, and v3 that allowed attackers to remotely control the camera and access stored videos and other information saved on the device’s SD card.

Leonard v. McMenamins, Inc.,Case No. 2:22−cv−00094 (W.D. Wash.). On January 28, 2022 the law firms of Migliaccio & Rathod LLP and Breskin Johnson Townsend PLLC filed a class action lawsuit against McMenamins, Inc.  The lawsuit alleges that McMenamins failed to safeguard sensitive employee information in a ransomware attack that affected past and present employees from January 1, 1998 to December 12, 2021.  Among the categories of information lost in the ransomware attack were direct deposit banking details included in employees’ hiring documents.  Additionally, the lawsuit alleges that even though McMenamins has been aware of the incident since December of 2021, the company still has not been able to recover the personal data contained within the files lost during the ransomware attack.  The complaint is available for viewing here. We recently just overcame a motion to dismiss and are continuing the case.

Weisenberger v. Ameritas Mutual Holding Company, Case No.4:21-cv-03156 (D. Neb.). Migliaccio & Rathod LLP has filed suit against Ameritas Mutual Holding Company, for its failure to exercise reasonable care in securing and safeguarding their customers’ sensitive personal data— including names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, policyholder names, employer names, and policy numbers- from a cyber-attack that accessed customer data through Ameritas’s services on or around May 1 – June 4, 2019 .The Data Breach affected at least 39,675 individuals from Ameritas services. We recently just overcame a motion to dismiss and are continuing the case. 

In re: Rutter’s Inc. Data Security Breach Litigation, Case No. 1:20-cv-00382 (M.D. Pa.). M&R has been appointed to the Plaintiffs’ Steering Committee in a putative multistate class action brought on behalf of consumers of a regional convenience store. Consumers allege that Rutter’s failed to protect their personal information and data, including credit card data. At least one data security expert recommended that anyone who used a credit card during the impacted time period should preventatively cancel their card immediately. The plaintiffs have filed a motion for class certification, which determines whether the case can proceed as a class action and are awaiting the court’s decision on the motion. If you believe you may have been impacted or would like more information, visit our blog here.


Find all up to date investigations here.

To report a data breach not listed above or in our active investigations, complete our questionnaire here:

*Prior results do not guarantee a similar outcome