Data Breach Lawsuits & Investigations
Every year, hundreds of millions of people are affected by data breaches that can leave them vulnerable to identity theft, credit damage, reputational harm and more.
Class action lawsuits remain one of the strongest ways to hold companies accountable for leaving consumers’, employees’ and patients’ private information unprotected. Indeed, some have resulted in multi-million-dollar settlements on behalf of those who – through no fault of their own – had their information stolen and, in the worst cases, even published on the dark web.
When a data breach lawsuit is successful, it can also require the company at fault to implement new security protocols to ensure the information it is entrusted with – medical, financial and otherwise – stays safe.
Got a data breach notice?
Scroll down to see the list of data breaches attorneys working with ClassAction.org are currently investigating. If you see one that looks familiar, click through to learn more about the breach and what you can do to potentially help get a class action lawsuit started.
And remember – don’t throw your notice away! It essentially serves as proof that you were affected by a specific security incident and can be vital if you choose to take legal action for the harm you suffered.
We update this page often with new data breach investigations, so make sure to bookmark it and come back regularly. You can also sign up for our free newsletter, which is sent on a weekly basis and includes our latest data breach alerts.
Featured Data Breaches
Kaiser Foundation Health Plan
April 2024On April 12, 2024, Kaiser Foundation Health Plan, Inc., which provides health insurance plans to employers, reported to the U.S. Department of Health and Human Services (HHS) a data breach affecting 13,400,000 individuals.
AT&T Inc.
March 2024AT&T has acknowledged a massive data breach that exposed sensitive information belonging to 73 million current and former customers.
WebTPA Employer Services, LLC
April 2024WebTPA Employer Services, which provides third-party administrative services to insurance companies, employers and health systems, is notifying individuals of a data breach in which personal information contained on its network was potentially exposed.
Group Health Cooperative of South Central Wisconsin has reported a data breach that may have impacted the protected health information of more than 533,000 individuals.
Change Healthcare
February 2024A massive Change Healthcare cyberattack has reportedly impacted patients and healthcare providers alike, including by delaying access to prescriptions and healthcare services and blocking insurance reimbursements.
MOVEit
May 2023Massive litigation is proceeding over the 2023 MOVEit data breach, an incident that has reportedly affected more than 94 million people and has been called the “biggest data theft” of the year.
Join the Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Data Breach FAQs
I got a data breach notification. Does this definitely mean my info is being used fraudulently?
Not necessarily. When a company experiences a data breach, state law requires that it notify affected individuals. Receiving a letter does not automatically mean that your personal information is being used fraudulently – it just means your information was exposed in a data security incident and has the potential for being misused.
What should I do if I get a data breach letter?
If you get a data breach notice, make sure to read it closely. It should contain information on what happened, what information was involved, what the company is doing about it, steps you can take to protect yourself, and how you can get more information.
Some companies may offer free credit and/or identity theft monitoring for a period of time following a data breach, and the notice should include instructions on how to sign up. If you’re offered free monitoring, take advantage of it; signing up should not affect any legal claim you may have against the company.
Importantly, if you get a data breach letter, don’t throw it out! If you are interested in helping any of the investigations listed on this page, attorneys will want to see the letter you received.
Why do attorneys need to see my data breach notice?
Attorneys working with ClassAction.org are specifically looking to hear from people with a data breach notice because it essentially serves as proof that the individual was a victim of the incident and makes for a stronger legal claim.
So, I can sue over a data breach?
Yes. If your data was exposed in a security incident, you may be able to sue the company or companies responsible. Dozens of data breach class action lawsuits are filed each month, and this number only continues to increase. You can check out the proposed data breach class actions we’ve covered recently over on our newswire.
Can you give me an example of a data breach notification letter?
Absolutely. Here is an example of one sent to Forever 21 employees following a massive data breach that occurred in March 2023. This is the letter sent to consumers affected by the MAPFRE insurance data breach in late August 2023. In some cases, notices may be sent via email.
What if I never heard of the company that sent me a data breach notice?
It’s important to note that, in rare cases, you may not recognize the company sending the letter, but this does not mean it was sent in error.
For instance, a May 2023 data incident affecting a popular file transfer tool caused millions of individuals to have their information exposed. In this instance, many of the data breach letters were sent by a third-party vendor of the affected companies. For example, PBI Research Services sent this letter to customers of Corebridge Financial.
What if I threw my data breach notice out?
It’s important that, if you receive any data breach notice, you do not throw it out. If you’ve already done so, you may want to check the company’s website for their official notice of the breach – it should include the same information that was in your notice. You may also want to check the post for a dedicated number consumers can call with questions about the security incident. It’s worth a call to see if they can resend your notice, but this may not be possible.
What if I think I’m affected but haven’t received a notice?
Notices aren’t always sent immediately after a breach hits the news, so you may just have to be patient. Otherwise, you can check the company’s website to see if they’ve posted a notice about the breach – it may contain a number you can call with questions. They should, at the very least, be able to answer when notices are expected to go out and may also be able to confirm whether you were affected.
Be sure to bookmark our page and come back to it if you believe you’ve been affected by a data breach listed below but haven’t received a notice yet.
What kind of damages can I claim for a data breach?
In general, data breach victims can seek compensation for lost time responding to the incident, out-of-pocket costs related to the breach and loss of privacy.
Depending on the specifics of the data breach, out-of-pocket costs may include some of the following: money spent on preventative measures, such as identity theft and/or credit monitoring; service fees to replace stolen cards; money spent on credit reports and/or credit freezes; the costs associated with obtaining background checks or medical records; increased health insurance costs; and money lost via fraudulent transactions, fraudulent medical bills or stolen tax refunds.
Further damages may become available depending on the type of information exposed. For instance, if a person’s health data is leaked, they may be able to recover money for reputational damage if they are denied medical care or insurance coverage. Likewise, a person whose Social Security number is exposed may be able to recover money for damage to their credit.
How much can I claim in a data breach settlement?
How much you can claim in any data breach settlement will depend on a number of factors, including the specifics of the settlement, the amount of time you spent responding to the incident, the type and total amount of your out-of-pocket expenses, and how many claims are filed. There are never any guarantees as to whether a data breach lawsuit will be successful or how much they could provide to consumers; however, some of the largest data breach settlements obtained via class action lawsuits include a $350 million deal with T-Mobile and a $190 million deal with Capital One.
I’m looking for data breach class action settlements. Where can I find those?
We post class action settlements, including those involving data breaches, over on this page.
How do I know if I was part of a data breach?
If you were affected by a data breach, you should receive a notice via email or regular mail about the incident and what information may have been exposed. All 50 states require that businesses and governments alert consumers if their personal information is breached.
Anything else I should know?
If you’re interested in starting a class action lawsuit, you should know that those who elect to serve as a lead plaintiff are generally entitled to what’s known as a “service award” – that is, an additional payment for their help with the case. Typically, the lead plaintiff in a data breach case does not need to be involved as much as they would in other types of lawsuits. Depositions in these types of class actions are rare, and little documentation and information – aside from the initial data breach notice – is needed.
Plus, if you elect to serve as a lead plaintiff, you can feel good that you’re working to hold a company legally accountable for failing to protect the private information of potentially hundreds of thousands of individuals.
Recent Data Breaches
Received a notice but don’t see the breach listed here? Tell us about it using this form.
Advarra, Inc.
April 2024Advarra, a company that provides research compliance services to hospital systems and clinical research organizations, is notifying patients of Moffitt Cancer Center and Research Institute that their information may have been exposed in a data breach it experienced.
Kaiser Foundation Health Plan
April 2024On April 12, 2024, Kaiser Foundation Health Plan, Inc., which provides health insurance plans to employers, reported to the U.S. Department of Health and Human Services (HHS) a data breach affecting 13,400,000 individuals.
Biggs Cardosa Associates, Inc.
April 2024Structural engineering firm Biggs Cardosa Associates recently reported a data breach that may have exposed individuals' Social Security numbers and other personal information.
WebTPA Employer Services, LLC
April 2024WebTPA Employer Services, which provides third-party administrative services to insurance companies, employers and health systems, is notifying individuals of a data breach in which personal information contained on its network was potentially exposed.
Valley Mountain Regional Center
April 2024Current and former patients of Valley Mountain Regional Center in California may have had their personal and medical data exposed in a July 2023 data breach.
Green Diamond Resource Company
April 2024A June 2023 data breach recently announced by Green Diamond Resource Company may have compromised consumers' personal, financial and medical information.
Blackstone Valley Community Health Center
April 2024Blackstone Valley Community Health Care, which provides medical services in Rhode Island, is notifying individuals of a data breach that affected more than 34,000.
Baker Drywall Partnership, LLP
April 2024Texas-based contractor Baker Drywall Partnership reported a data breach that may have exposed consumers' personal and financial information.
SysInformation Healthcare Services, LLC
April 2024SysInformation Healthcare Services, a revenue cycle management and billing services company, recently reported a data breach that may have exposed consumers' personal and medical information.
Kisco Senior Living, LLC
April 2024Kisco Senior Living experienced a data breach in June 2023 and is now notifying individuals whose personal information may have been compromised.
HUB International Limited
April 2024More than 514,000 individuals were reportedly affected by a data breach that targeted HUB International between December 2022 and January 2023.
AllCare Pharmacy
April 2024Customers of Arkansas-based AllCare Pharmacy are being notified of a data privacy incident that exposed sensitive personal and prescription information.
Island Ambulatory Surgery Center, LLC
April 2024Island Ambulatory Surgery Center in Brooklyn, New York reported a data breach that may have compromised the personal and medical information of people who sought its services.
Visionary Integration Professionals
April 2024Visionary Integration Professionals, which provides IT consulting services, reported a data breach that may have exposed consumers’ Social Security numbers.
DES Architects + Engineers, Inc.
April 2024DES Architects + Engineers revealed that 1,144 individuals may have had their personal information compromised in a data breach that took place last year.
Cherry Street Services, Inc.
February 2024Cherry Health, a healthcare provider in Grand Rapids, Michigan, is notifying patients and former employees of a data breach that may have impacted their personal and health information.
Hapy Bear Surgery Center
April 2024Hapy Bear Surgery Center, a California dental clinic, has begun sending notice of a data breach that may have exposed consumers’ private information.
Alan Ritchey, Inc.
April 2024Logistics company Alan Ritchey recently reported a February 2024 data breach that may have exposed consumers' Social Security numbers and other personal information.
Tandym Group LLC
April 2024Staffing agency Tandym Group recently disclosed a data breach that involved unauthorized access to an employee’s email account and exposed consumers' personal data.
Woodruff-Sawyer & Co.
March 2024Insurance brokerage and consulting firm Woodruff Sawyer is sending notice of a data breach that may have exposed consumer information provided to the company by its clients.
Campbell Killin Brittan & Ray, LLC
March 2024Campbell Killin Brittan & Ray, a law firm in Denver, Colorado, reported that a 2023 data breach may have exposed the names and Social Security numbers of more than 4,000 individuals.
GreenWaste Recovery, LLC
April 2024GreenWaste Recovery, LLC, a California-based recycling and waste management company, began notifying consumers of a November 2023 data breach that may have involved their personal data.
EBlock Corp.
April 2024Nearly 2,000 people may have been impacted by a data breach affecting dealer-to-dealer digital auction platform EBlock.
Clackamas Community College
April 2024Clackamas Community College reported that nearly 8,800 people had their personal information exposed in a January 2024 cybersecurity attack.
Family Health Center
March 2024Both employees and patients of Family Health Center in Kalamazoo, Michigan are affected by an early 2024 data breach in which files were accessed by an unauthorized party.
Sacramento Rehabilitation Hospital
March 2024In March 2024, Sacramento Rehabilitation Hospital began sending out notice of a data breach that may have exposed patients’ personal and health information.
Bakersfield Rehabilitation Hospital
March 2024Bakersfield Rehabilitation Hospital has begun notifying individuals affected by an early 2024 data breach that may have compromised their personal and medical information.
Certain patients of the Rehabilitation Hospital of Southern California may have had their personal and medical information exposed in an early 2024 data breach.
Group Health Cooperative of South Central Wisconsin has reported a data breach that may have impacted the protected health information of more than 533,000 individuals.
More than 160,000 individuals are affected by a data breach at Pacific Guardian Life that potentially exposed personal, medical and financial information.
York County School of Technology
April 2024Pennsylvania's York County School of Technology revealed that 30,914 individuals may have had their personal and health information compromised in a data breach that took place last year.
Tri-City Healthcare District
April 2024Tri-City Healthcare District, which operates Tri-City Medical Center in Oceanside, California, is notifying individuals that their personal information may have been involved in a November 2023 data breach.
Designed Receivable Solutions, Inc.
March 2024Debt collection agency Designed Receivable Solutions reported a data breach in March that affected over 129,000 individuals.
Southwest Boston Senior Services
March 2024Southwest Boston Senior Services, which does business as Ethos, is notifying individuals of a November 2023 data breach that may have exposed their personal and medical information.
AT&T Inc.
March 2024AT&T has acknowledged a massive data breach that exposed sensitive information belonging to 73 million current and former customers.
Delta Pipeline Inc.
March 2024Delta Pipeline is notifying individuals of a data breach that may have exposed their personal information, including Social Security numbers and medical information.
Pembina County Memorial Hospital
March 2024Pembina County Memorial Hospital announced that patients’ personal and health information was compromised during a data breach it experienced in March 2023.
Affinity Health Services
March 2024Affinity Health Services reported that patients and employees of senior living communities may have had their sensitive information exposed in an April 2023 data breach.
M&D Capital Premier Billing LLC
March 2024Medical billing provider M&D recently began notifying its clients' patients of a data breach that may have exposed their sensitive information in June and July 2023.
Monmouth College
March 2024More than 44,000 individuals may have had their personal information compromised in a 2022 ransomware attack on Monmouth College.
Jordano's Inc
March 2024Food service company Jordano’s experienced a data breach in February 2024 and is now notifying those affected that their personal information may have been compromised.
V12 Software, Inc.
March 2024V12 Software, which offers an online-based platform for car dealerships, has reported a data breach that affects more than 286,000 individuals.
Philips Respironics International Colorado, Inc.
January 2024Philips Respironics has reported that more than 457,000 patients had their personal and medical information exposed in the data breach involving the MOVEit transfer tool.
R1 RCM Inc.
March 2024R1 RCM, a business associate of St. Rose Dominican Hospital de Lima in Henderson, Nevada, has reported that over 16,000 individuals' personal and medical information may have been exposed in a data breach.
Citizens Bank of West Virginia
March 2024Citizens Bank reported a November 2023 data breach that may have exposed the personal information of more than 35,000 individuals.
Akumin
December 2023Confidential patient information was exposed in a ransomware attack on Akumin, a provider of outpatient radiology and oncology services.
Aveanna Healthcare
March 2024Aveanna Healthcare, a provider of home and hospice care, is notifying patients and employees of a data breach that took place last year and exposed certain personal and medical information.
Eland Energy
March 2024Eland Energy has begun notifying individuals that their private data may have been compromised in a data breach the oil and natural gas company experienced in January 2024.
Stanford University
March 2024Stanford University is sending notice letters to thousands of individuals who may have had their data exposed in a months-long data breach that took place last year.
Saint Louis University
March 2024Saint Louis University has reported a months-long data breach that may have exposed individuals' personal, financial and medical information.
Nations Direct Mortgage, LLC
March 2024Nations Direct Mortgage is notifying individuals of a data breach that may have exposed their personal information in December 2023.
Change Healthcare
February 2024A massive Change Healthcare cyberattack has reportedly impacted patients and healthcare providers alike, including by delaying access to prescriptions and healthcare services and blocking insurance reimbursements.
CCM Health
March 2024CCM Health reported an April 2023 data breach that may have exposed the personal information of more than 29,000 individuals.
MOVEit
May 2023Massive litigation is proceeding over the 2023 MOVEit data breach, an incident that has reportedly affected more than 94 million people and has been called the “biggest data theft” of the year.
Elemetal
March 2024Elemetal, a precious metals refiner, is notifying consumers that their private information may have been exposed during a data breach last year.
Institute of Food Technologists
February 2024Institute of Food Technologists has reported a data breach that occurred in April 2023 and may have compromised individuals' names, Social Security numbers, financial details, medical information and more.
Pacific Cataract and Laser Institute is notifying patients of a November 2023 data breach that may have exposed their personal, medical, health insurance, and financial information.
Bradford-Scott Data, LLC
February 2024Bradford-Scott is providing notice on behalf of its customers of a May 2023 data breach that may have exposed consumers' sensitive personal information.
NewGen Administrative Services
February 2024A data breach involving NewGen Administrative Services, LLC may have exposed the personal, financial and/or health information of individuals associated with several healthcare providers.
Rio Hondo Community College District
February 2024Rio Hondo Community College District recently announced that current and former students' personal information may have been compromised in an October 2023 data breach.
Cencora, Inc.
February 2024Cencora has reported to the SEC a data breach in which personal information was stolen from its systems.
Crossroads Equipment Lease & Finance
February 2024Around February 23, 2024, Crossroads Equipment Lease & Finance began sending out notice of a data breach that reportedly impacted over 24,000 individuals.
Davlyn Investments Property Management
February 2024Around February 14, 2024, Davlyn Investments began sending out notice of a data breach that exposed individuals’ names and Social Security numbers.
Superior Communications
February 2024Superior Communications, a provider of mobile accessories and services to major wireless carriers, retailers and more, recently reported a data breach that exposed personal information.
Bay Area Heart Center
January 2024More than 11,000 patients had their personal information exposed in a data breach affecting a business associate of Bay Area Heart Center, which is located in Florida.
Prime Healthcare Employee Health Plan
February 2024More than 100,000 people may have had their personal and medical information exposed in a data breach affecting Prime Healthcare benefit plan members.
CarePro Health Services
January 2024Patients who used CarePro Health Services, also known as CR Pharmacy Services, may have had their personal and medical information exposed in a November 2023 data breach.
SinglePoint Outsourcing
February 2024Singlepoint, which provides HR outsourcing solutions, is notifying individuals of a data breach in which an unauthorized individual acquired files containing personal data in November 2023.
National Advisors Trust
February 2024National Advisors Trust is notifying consumers about a data security incident that may have compromised their private information in April 2023.
Azura Vascular Care
January 2024Got a notice about the Azura Vascular Care data breach? You may be able to start a class action and recover money for having your info exposed. Learn more.
J.D. Gilmour & Co.
January 2024J.D. Gilmour has reported a June 2023 security breach that exposed the personal information of individuals in relation to their insurance coverage.
Tristar Insurance Group
January 2024Third-party insurance claims administrator TRISTAR is notifying individuals of a data breach that took place in November 2022 and exposed personal information.
Emmanuel College
January 2024In January 2024, Emmanuel College began notifying individuals who may have had their private information exposed in a data breach it experienced last year.
Infosys McCamish Systems LLC
February 2024Infosys McCamish Systems, which provides services for deferred compensation plans, is notifying consumers about a data breach affecting more than 57,000.
Raptor Technologies
January 2024School safety software provider Raptor Technologies acknowledged a data breach that reportedly exposed over four million records, including sensitive data belonging to students, parents and school staff.
HMG Healthcare, LLC
January 2024Nursing home operator HMG Healthcare has reported that 80,000 patients and employees may have had their information exposed in a data breach in August 2023.
First Financial Security, Inc.
January 2024First Financial Security has reported that it fell victim to a ransomware attack that exposed individuals' full names, Social Security numbers and other "personal information."
InHealth Technologies
January 2024More than 12,000 InHealth customers may have had their personal and protected health information exposed in a 2023 data breach.
Plaza Radiology, LLC
December 2023Plaza Radiology, also known as Chattanooga Imaging, reported a data breach that exposed over 569,000 individuals' personal information in October 2023.
Hair Club for Men, Ltd., Inc.
January 2024Hair Club for Men reported that over 4,000 current and former employees may have had their personal information exposed in a data breach.
Senior Scripts
January 2024Senior Scripts, which provides pharmaceutical and other health- and medical-related services, has reported to the U.S. Department of Health and Human Services a data breach affecting 10,566 individuals.
TTM Technologies
December 2023Printed circuit board manufacturer and technology solutions provider TTM Technologies experienced a data breach in late September that compromised approximately 7,333 individuals' personal information.
Panasonic Avionics Corporation
December 2023Panasonic Avionics Corporation, which provides in-flight entertainment and communication systems, has reported a cybersecurity incident that exposed information of an undisclosed number of individuals.
Estes Express Lines
December 2023Trucking company Estes Express Lines reported a ransomware attack that exposed more than 21,000 individuals' personal information in October 2023.
TaxPlus
December 2023TaxPlus, which provides tax preparation and accounting services in Los Angeles and San Diego, has announced that hackers gained access to its tax preparation software and made copies of client data over the course of several days in late August 2023.
AMCP Payments Intermediate Company LLC
December 2023AMCP Payments Intermediate Company, which does business as Talus Pay, reported that an unauthorized actor gained access to personal information stored in certain employee email accounts in May 2023.
Coos Health & Wellness
December 2023Coos Health & Wellness announced a data breach that may have exposed personal information belonging to individuals who received services from public or behavioral health programs it sponsors.
Warrior Met Coal, Inc.
December 2023Alabama coal producer Warrior Met Coal reported that nearly 20,000 individuals' personal information may have been exposed during a July 2023 cyberattack.
CVC Holding Corp
December 2023CVC Holding Corp recently experienced a data breach during which a ransomware group may have gained access to individuals' personal information.
Neuromusculoskeletal Center of the Cascades and Cascade Surgicenter (The Center) announced that patients’ personal and health information was compromised during a data breach experienced between October 2 and October 3, 2023.
Foursquare Healthcare, Ltd.
November 2023Foursquare Healthcare, a Texas-based senior care provider, reported that patient and employee information was exposed in a September 2023 data breach.
4 Over LLC
December 2023Wholesale trade printer 4 Over has announced a data breach that may have exposed over 8,000 consumers' personal information in November 2022.