Pena et al. v. British Airways, PLC (UK): Case No. 1:18-cv-06278 (E.D.N.Y.). This is a consumer class action against British Airways for its failure to exercise reasonable care in securing and safeguarding its account holders’ Private Information, specifically their names, billing addresses, email addresses, and credit card information, including credit card numbers, expiry dates and CVV codes. On or about September 6, 2018, Plaintiff and Class members learned that commencing in or around August 2018, their Private Information was stolen from BA’s database storing Personal Information by hackers as a result of BA’s security failures. Almost two months after announcement of the initial breach, British Airways announced that an internal investigation has revealed that the data breach was far greater than originally believed. For more information, visit our blog here.
Pflum v. Munson Healthcare: Case No. 1:20-cv-00375 (W.D.Mich.). Migliaccio & Rathod LLP brought a case against Munson Healthcare for failure to adequately safeguard patient information, resulting in a data breach. Various Munson employees fell victim to a phishing scam, which resulted in exposure of patient information to potentially malicious actors. The information shared includes names, dates of birth, insurance information, and treatment and diagnostic information. In some cases, patients’ financial account, driver’s license, and Social Security numbers were also compromised by the breach, which occurred between July 31 and October 22, 2019. If you want more information or believe you were impacted, visit our blog here.
In re: Rutter’s Inc. Data Security Breach Litigation: Case No. 1:20-cv-00382 (M.D.Pa.). M&R has been appointed to the Plaintiffs’ Steering Committee in a putative multistate class action brought on behalf of consumers of a regional convenience store. Consumers allege that Rutter’s failed to protect their personal information and data, including credit card data. At least one data security expert recommended that anyone who used a credit card during the impacted time period should preventatively cancel their card immediately. If you believe you may have been impacted or would like more information, visit our blog here.
Sprowl et al. v. Marriot International, Inc: Case No. 8:18-cv-03691 (D. Md.). Plaintiffs bring this action against Marriott for failure to secure and safeguard their information including their names, birthdates, addresses, locations, email addresses, payment card information and passport information, including passport numbers, collectively referred to herein as Personally Identifiable Information (PII) that Marriott required customers to provide when they made reservations, checked-in to hotels, used one of its loyalty programs, or made purchases at dining or retail operations within its hotels. Marriott also failed to adequately notify Plaintiffs and Class members in a timely manner that their PII had been stolen. On November 30, 2018, Marriott announced that it had experienced a data breach due to a flaw in Marriott’s reservation system and database systems dating back to 2014, which allowed hackers to access the guest reservation system and steal the PII of up to 500 million guests. For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates.
Wallace et al. v. Health Quest Systems, Inc.: Case No. 7:20-cv-00545 (S.D.N.Y.). M&R has been appointed as co-lead interim class counsel in this case brought on behalf of New York patients whose data was compromised by a major regional health care provider. Health Quest and its parent company, Nuvance Health first reported on May 31, 2019 that a phishing incident allowed unauthorized access to employee emails, and patients’ sensitive information, to include names, provider names, dates of treatment and diagnosis information, and health insurance claims information. Much later, on January 10, 2020 patients in New York, Vermont, and Massachusetts received a letter stating that additional information may have been compromised, to include dates of birth, Social Security numbers, Medicare Health Insurance claim numbers, driver’s license numbers, provider names, dates of treatment, treatment and diagnosis information, health insurance plan member and group numbers, health insurance claims information, financial account information with PIN/security code and payment card information. New York patients were not offered the opportunity to enroll in the Experian IdentityWorks credit monitoring service. For more information or if you were impacted, visit our blog here.
*Prior results do not guarantee a similar outcome