Data Breach Class Action Lawsuits

Data breaches have become an ever-present fact of American life. Through accidental leaks and ransomware attacks, online criminals can gain access to personal identifying information, such as names, Social Security numbers (SSNs), medical treatment details, and credit card numbers. Once in the hands of criminals, this information can be used to run up debts in victims’ names, steal from bank accounts, or order fake medical procedures.

Large companies often collect more data than they actually need, hold it for too long, and fail to provide enough security. When they do, class action attorneys can secure compensation to data breach victims for time lost and losses incurred, and can push companies to adopt better, stronger data protection.  The attorneys at Migliaccio & Rathod LLP have years of experience with data security litigation.  Contact us for a free evaluation.


Lopez v. The Urology Center of Colorado, Case No. 2022-cv-30037 (Colo. Dist. Ct.) Migliaccio & Rathod filed suit on behalf of patients against the Urology Center of Colorado, for not protecting patient data.  A settlement was reached in that case, compensating class members for time spent addressing the breach and for any identity theft or fraud they may have suffered. More details about the settlement are available on the settlement website.

McHenry v. Advent Health Partners, Inc., Case No. 3:22-cv-00287 (E.D. Cal.). Migliaccio & Rathod LLP filed suit against Advent Health Partners, Inc. for failing to safeguard sensitive patient information. Houston, Texas-based Memorial Hermann Health System notified over 6,000 patients that their sensitive health information was exposed during a cyberattack that affected Advent Health Partners, one of the Hermann Health System’s data processing vendors. Advent Health Partners announced on February 8, 2022, that internal employee emails had been targeted in a phishing attack that exposed the information of various medical center clients. Recently, we have reached a settlement in this case and the court has granted preliminary approval.

Ongoing Cases:

In re: Rutter’s Inc. Data Security Breach Litigation, Case No. 1:20-cv-00382 (M.D. Pa.). M&R has been appointed to the Plaintiffs’ Steering Committee in a putative multistate class action brought on behalf of consumers of a regional convenience store. Consumers allege that Rutter’s failed to protect their personal information and data, including credit card data. At least one data security expert recommended that anyone who used a credit card during the impacted time period should preventatively cancel their card immediately. The plaintiffs have filed a motion for class certification, which determines whether the case can proceed as a class action and are awaiting the court’s decision on the motion. If you believe you may have been impacted or would like more information, visit our blog here.

Joaquin-Torres v. Nelnet Servicing, LLC, Case No. 4:22-cv-03196 (D. Neb.). M&R has filed suit against the student loan servicing giant Nelnet in a putative class action lawsuit.  Student loan borrowers allege that Nelnet failed to protect their personal data against a cyberattack, leading to an increased likelihood of identity theft.

Stewart v. Practice Resources, Case No. 6:22-cv-00890 (N.D.N.Y.). Migliaccio & Rathod LLP has filed suit against the Syracuse, New York-based Practice Resources, LLC (“PRL”), a medical billing and information technology company that provides services to various healthcare entities, for failing to safeguard sensitive patient information in a data breach that was reported in August of 2022. In the latest update in this matter, our firm has been appointed lead counsel.

Hepworth v. Wyze Labs, Inc, Case No. 2:22-cv-00752 (W.D. Wash.). Migliaccio & Rathod LLP recently filed suit against Wyze Labs, Inc. (“Wyze”) for failure to disclose to purchasers a major security vulnerability in the Wyze Cam v1, v2, and v3 that allowed attackers to remotely control the camera and access stored videos and other information saved on the device’s SD card.

Gianni v. Transamerica Retirement Solutions, LLC, Case No. 7:21-cv-10282 (S.D.N.Y.). Migliaccio & Rathod LLP recently filed suit against Transamerica Retirement Solutions, LLC (“Transamerica”) for their failure to safeguard client information from a series of data breaches in 2017 and 2021. Transamerica manages 401k retirement plans for employers across the country and reported that both between January and August of 2017 and in early June 2021, unauthorized users gained access to consumer accounts.

Leonard v. McMenamins, Inc., Case No. 2:22−cv−00094 (W.D. Wash.).  On January 28, 2022 the law firms of Migliaccio & Rathod LLP and Breskin Johnson Townsend PLLC filed a class action lawsuit against McMenamins, Inc.  The lawsuit alleges that McMenamins failed to safeguard sensitive employee information in a ransomware attack that affected past and present employees from January 1, 1998 to December 12, 2021.  Among the categories of information lost in the ransomware attack were direct deposit banking details included in employees’ hiring documents.  Additionally, the lawsuit alleges that even though McMenamins has been aware of the incident since December of 2021, the company still has not been able to recover the personal data contained within the files lost during the ransomware attack.  The complaint is available for viewing here. We recently just overcame a motion to dismiss and are continuing the case.

Weisenberger v. Ameritas Mutual Holding Company, Case No.4:21-cv-03156 (D. Neb.). Migliaccio & Rathod LLP has filed suit against Ameritas Mutual Holding Company, for its failure to exercise reasonable care in securing and safeguarding their customers’ sensitive personal data— including names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, policyholder names, employer names, and policy numbers- from a cyber-attack that accessed customer data through Ameritas’s services on or around May 1 – June 4, 2019 .The Data Breach affected at least 39,675 individuals from Ameritas services. We recently just overcame a motion to dismiss and are continuing the case.

Active Investigations:

Find all up to date investigations here.


Jump to: Settlements; Ongoing Cases

To report a data breach not listed above or in our active investigations, complete our questionnaire here:

*Prior results do not guarantee a similar outcome

Jump to: Settlements; Ongoing Cases; Investigations