CHAT LIVE NOW
FREE INITIAL CONSULTATION 210-447-0500
CHAT LIVE NOW
CALL US NOW
cyber litigation watts guerra

Cyber Litigation

Cyberlaw is one of the newest legal domains. Thanks to the ubiquity of the internet, cybercrime is growing at a rapid rate and consequently, cyber litigation continues to evolve. In 2019, U.S. businesses and individuals lost over $3.5 billion from data breaches, fraud, and other forms of cyber-attack. In addition, two-thirds of organizations reported some kind of cybersecurity incident.1

Cybersecurity litigation includes consumer class action lawsuits, financial institution class action lawsuits, and derivative class action lawsuits. The lawsuits referenced below highlight recent litigation relating to data breaches and privacy concerns in our cyber world.

cyber litigation watts guerra

Consumer Class Action Lawsuits

Data Breaches

When a data breach occurs, the personal information of individuals is compromised. Hackers may be able to gain access to sensitive information like social security numbers, home addresses, medical records, and payment data. For instance, in 2013 a malware attack at Neiman Marcus exposed 400,000 customers’ credit and debit cards to cybercriminals.2 In 2015, Anthem, the largest U.S. health insurance company, suffered an attack that compromised the personal information of 78.8 million customers.3 In both cases, consumers filed class action lawsuits. As a result, Neiman Marcus paid out $1.6 million out to customers affected by the breach and Anthem paid $115 million to settle the lawsuit filed after the 2015 attack.

Biometrics

Recent developments in biometric technology have opened the floodgates for privacy concerns. Biometrics are unique physical characteristics, such as fingerprints, iris scans, and facial and voice patterns that can be used to authenticate an individual’s identity.4 This kind of technology is often used by law enforcement to prevent illegal entry into the U.S., verify traveler identities and credentials, and authorize immigration and visa applications.5

TikTok agreed to pay $92 million in a settlement to a class of U.S. users who claimed their biometric data was collected and stored on the app. The video dance app allegedly harvested personal information, including facial recognition data, for over 89 million TikTok users which was then sold to advertisers.6 By failing to obtain the informed consent of biometric data collection and failing to publicize their data use and retention policy, TikTok violated the Illinois Biometric Information Privacy Act as well as other state and federal laws.7

Similarly, a class of consumers filed a suit against Facebook for collecting biometric data without their permission. Facebook’s collection of “faceprints” used facial recognition software to automatically suggest who to tag in a person’s photos. Facebook settled this suit for $550 million.8 Both of these suits were filed in Illinois because it is the leading state in biometric regulation. States like Texas, Washington, California, New York, and Arkansas are quickly following Illinois’s lead by giving consumers more options when it comes to filing biometrics lawsuits.9

Even though all 50 U.S. states require private or public organizations to notify consumers of security breaches of personally identifiable information, biometric privacy legislation is still limited. However, as privacy concerns heighten and new states enact stricter cybersecurity litigation, biometrics cases will become more prominent and successful.

cyber law and biometrics for cyber litigation

Financial Institution Class Action Lawsuits

Data breaches also have financial implications for banks. For example, in 2014, a data breach at Target left more than 40 million credit cards compromised. The cost of replacing stolen cards from Target’s breach alone cost banks roughly $400 million. These expenses included the cost of replacing stolen cards, reimbursements for fraudulent charges, and other administrative fees.

In the past, banks were responsible for the financial burden of hacks. However, after filing a class action lawsuit against Target, the corporation agreed to pay $39.4 million to resolve claims by financial institutions that said they lost money.10 If merchants and retailers are negligent in securing their systems, banks and credit unions may have the right to seek damages.

Derivative Class Action Lawsuits

Data breaches have the potential to negatively impact shareholders and stock prices. In 2013 and 2014, Yahoo suffered a data breach that compromised the data of over 500 million user accounts. The plaintiffs’ securities class action complaint named the company, the CEO, and the CFO as defendants and alleged that defendants made false or misleading statements. They also claimed that Yahoo failed to properly encrypt its users’ personal information with an up-to-date encryption mechanism. A data breach resulting in theft, according to plaintiffs, would foreseeably cause a drop in user engagement with Yahoo’s websites and services. Consequently, the disclosure of the breach in September 2016 and December 2016 caused the company’s share price to drop 3.06% and 6.11%, respectively which proves how negligence in protecting sensitive customer information can influence a company’s market value.11

As a result, in April 2019, Yahoo agreed to pay $117.5 million to end a consumer class action lawsuit over three large breaches that occurred. They were ordered to pay $80 million in a settlement with shareholders for stock-drop claims and $29 million for shareholder derivative claims against company leaders.11 The Yahoo example highlights the array of stakeholders affected by a data breach. In addition to consumers, Yahoo was forced to remediate their shareholders.

What’s next?

The examples above characterize the variety of players that are victims of data breaches and those who might have grounds for lawsuits. Ultimately, cyberattacks do not discriminate. Individual customers, banks, and company investors all suffer the consequences of a cyberattack. As technology develops, the future of cyber law and litigation is yet to be seen.

How to Protect Yourself

Data breaches can affect individuals in a variety of ways. Some breaches may compromise payment card data while others include social security numbers or healthcare information.

The following are indicators that your information may have been compromised:

  • Unauthorized bank activity or credit card charges
  • Collection notices or calls for debt that you don’t owe
  • Statements or bills for accounts you never opened in the mail
  • Being unexpectedly denied credit

It’s important to take steps to mitigate risk if your information is involved in a breach. This might include canceling credit cards, notifying your bank, and changing passwords and account numbers. If you believe your personal information has been compromised, attorneys can investigate whether a class action lawsuit might be appropriate. In the event that a major breach has occurred, you will receive information about a class action lawsuit where you can submit your claim to the settlement.

 

Regardless, here are some general tips to keep your information safe12:

  • Don’t click on suspicious links
  • Use anti-virus software
  • Change your passwords often
  • Don’t give out personal or financial information on a public network
  • Get a free credit report every year from a major credit reporting agency
  • Follow up on activities that may seem suspicious

Written by:

Katie Dehlinger
Law Clerk
WATTS GUERRA LLP
Four Dominion Drive, Bldg. Three, Suite 100
San Antonio, Texas 78257
Phone: (210) 447-0500

Frank Guerra
Board Certified – Personal Injury Law
Texas Board of Legal Specialization
WATTS GUERRA LLP
Four Dominion Drive, Bldg. Three, Suite 100
San Antonio, Texas 78257
Phone: (210) 447-0500

 

Be sure to follow us on Instagram and Facebook to see more Watts Guerra news!

Sources
Source 1: https://healthitsecurity.com/news/fbi-3.5b-lost-to-cybercrime-in-2019-led-by-business-email-compromise
Source 2: https://topclassactions.com/lawsuit-settlements/lawsuit-news/second-version-of-1-6m-neiman-marcus-settlement-approved/
Source 3: https://www.nbcnews.com/news/us-news/anthem-pay-record-115m-settle-lawsuits-over-data-breach-n776246
Source 4: https://www.csoonline.com/article/3339565/what-is-biometrics-and-why-collecting-biometric-data-is-risky.html
Source 5: https://www.dhs.gov/biometrics
Source 6: https://www.npr.org/2021/02/25/971460327/tiktok-to-pay-92-million-to-settle-class-action-suit-over-theft-of-personal-data
Source 7: https://apnews.com/article/technology-lawsuits-biometrics-illinois-00be8815636b8f69d2742637bc1c4f1f
Source 8: https://www.nytimes.com/2020/01/29/technology/facebook-privacy-lawsuit-earnings.html
Source 9: https://www.natlawreview.com/article/anatomy-biometric-laws-what-us-companies-need-to-know-2020
Source 10: https://www.reuters.com/article/us-target-breach-settlement/target-in-39-4-million-settlement-with-banks-over-data-breach-idUSKBN0TL20Y20151203
Source 11: https://www.dandodiary.com/2019/01/articles/cyber-liability/yahoo-data-breach-related-derivative-suit-settled-29-million/
Source 12: https://www.kasasa.com/care/education/warning-signs-your-identity-stolen
BACK TO RESOURCES
Call us for your free consultation
210-447-0500
SAN ANTONIO, TX - MAIN
875 East Ashby Place.
Suite 1200
San Antonio, TX 78212
DIRECTIONS
ODESSA, TX
620 N. Grant St
Suite 1205
Odessa, TX 79761
DIRECTIONS
SAN FRANCISCO, CA
345 CALIFORNIA STREET
SUITE 600
SAN FRANCISCO, CA 94104
DIRECTIONS
© 2024 Guerra LLP . All rights reserved.
Frank Guerra is the attorney responsible for the content of this website. Our attorneys are all licensed to practice in the State of Texas and Illinois. Francisco Guerra IV, and Robert E. Brzezinski are Board Certified in Personal Injury Trial Law by the Texas Board of Legal Specialization. Michael J. Murray is Board Certified in Civil Appellate Law by the Texas Board of Legal Specialization. Unless otherwise indicated, attorneys are not board certified. Principal office is located in San Antonio, Texas.
CHAT LIVE NOW
CALL US NOW