Articles Posted in Privacy Law

The drastic advances in technology that have happened in recent years make many aspects of modern living much easier, but they have also put certain aspects of our lives at risk that were never at risk before. For example, as people use cash less and less and increasingly rely on their credit cards to pay for their everyday purchases, more and more people have had their credit cards compromised and used to pay for purchases they never authorized. It is now common for credit card companies to offer credit card protection, in which users won’t be made to pay for purchases they did not authorize, but credit card companies usually charge an extra fee for that protection.

Data security is doing its best to keep up with the hackers, but that’s not always possible. Many companies, especially large chains, have suffered data breaches in which hackers illegally gain access to customers’ credit card information. Since it is often very difficult, if not impossible, to locate and prosecute the hackers themselves, the company that suffered the data breach is often faced with a class action lawsuit from customers who had their credit card information exposed as a result of the company’s failure to have the proper protections in place. Continue reading ›

 

The rulings made by appellate courts can affect many decisions to come in rulings made by lower courts all over the country. In a recent data breach lawsuit against Neiman Marcus, the retailer argued the ruling made by the Seventh Circuit Court could have long-term effects on data breach law if the court failed to change its ruling.

The court denied Neiman Marcus’s appeal and let its initial decision stand.

The consumer lawsuit consists of a proposed class of about 350,000 plaintiffs who allegedly suffered financial damages as a result of a security breach of Neiman Marcus’s systems in 2013. The plaintiffs allege the retailer did not take all necessary precautions in preventing or mitigating a security breach that exposed customers’ payment card details. The data breach lawsuit also alleges Neiman Marcus did not notify its customers of the data breach in a timely manner, once the security attack had happened. Continue reading ›

Data Breach Cases

We are investigating various data breach cases and will bring class actions on behalf of victims of data breaches such as the Target, Ashley Madison, Sony and Home Depot data breaches.

Contact Us if You Are a Victim of the Ashley Madison Data Breach or of Another Data Breach

 

It is widely accepted that the Internet is not a safe place for private or confidential information. Yet, when sensitive information gets leaked, people look for someone to blame. In some instances, they are correct and can bring a privacy claim especially when they can show direct injury due to the privacy breach. In other instances where they suffer no injury they have no claim.

In June of 2012, LinkedIn experienced a security breach and the passwords of 6.5 million users were posted online. A few days later, two premium LinkedIn users, Katie Szpyrka and Khalilah Wright, filed a class-action lawsuit against LinkedIn on behalf of all users.

The lawsuit alleged that LinkedIn had failed to store passwords in salted SHA1 hashed format. According to the lawsuit, this is basic industry standard security practice and, by failing to adhere to them, LinkedIn had failed to abide by its Privacy Policy.

What the Privacy Policy actually states is:
“In order to help secure your personal information, access to your data on LinkedIn is password-protected, and sensitive data (such as credit card information) is protected by SSL encryption when it is exchanged between your web browser and the LinkedIn website. To protect any data you store on our servers, LinkedIn also regularly audits its system for possible vulnerabilities and attacks, and we use a tierone secured-access data center.

“However, since the internet is not a 100% secure environment, we cannot ensure or warrant the security of any information you transmit to LinkedIn. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

“It is your responsibility to protect the security of your login information. Please note that emails, instant messaging, and similar means of communication with other Users of LinkedIn are not encrypted, and we strongly advise you not to communicate any confidential information through these means.”

LinkedIn’s Privacy Policy does not promise industry standard security practices and, in fact, warns the user that, despite their efforts, breaches can occur. In court, the plaintiffs admitted that they had not even read the Privacy Policy, which no doubt weakened their argument.
The lawsuit also filed for damages based on the allegation that the premium users had paid LinkedIn in order to access the premium membership status of the social networking site. The plaintiffs expected this to include enhanced security measures but the premium membership offers no such thing. Rather, it merely offered more advanced tools and usage of LinkedIn’s services. Heightened security measures were never offered as part of the premium membership and, as such, the plaintiffs could not prove that they received any financial harm or injury.
The plaintiffs also failed to prove that the injuries they suffered as a result of the breach were “concrete and particularized” or “actual and imminent”. No one stole their identities or got into their accounts and, on these grounds, the judge dismissed the lawsuit.

Continue reading ›