Data Breach Lawsuits & Investigations
Every year, hundreds of millions of people are affected by data breaches that can leave them vulnerable to identity theft, credit damage, reputational harm and more.
Class action lawsuits remain one of the strongest ways to hold companies accountable for leaving consumers’, employees’ and patients’ private information unprotected. Indeed, some have resulted in multi-million-dollar settlements on behalf of those who – through no fault of their own – had their information stolen and, in the worst cases, even published on the dark web.
When a data breach lawsuit is successful, it can also require the company at fault to implement new security protocols to ensure the information it is entrusted with – medical, financial and otherwise – stays safe.
Got a data breach notice?
Scroll down to see the list of data breaches attorneys working with ClassAction.org are currently investigating. If you see one that looks familiar, click through to learn more about the breach and what you can do to potentially help get a class action lawsuit started.
And remember – don’t throw your notice away! It essentially serves as proof that you were affected by a specific security incident and can be vital if you choose to take legal action for the harm you suffered.
We update this page often with new data breach investigations, so make sure to bookmark it and come back regularly. You can also sign up for our free newsletter, which is sent on a weekly basis and includes our latest data breach alerts.
Featured Data Breaches
Landmark Admin, LLC
October 2024Landmark Admin, a third-party administrator for life insurance carriers, is notifying policy holders and beneficiaries of a data breach that may have exposed their private information.
Summit Pathology
October 2024Summit Pathology, which provides pathology services to hospitals and physician offices in Colorado, Wyoming and Nebraska has announced a data breach impacting patient information.
OnePoint Patient Care
October 2024OnePoint Patient Care, a pharmacy benefit manager and dispensing pharmacy for hospices, is notifying patients of an August 2024 data breach that may have compromised their personal information.
Smile Design Management
October 2024Smile Design, which operates dozens of dental clinics throughout Florida, has announced a data breach that compromised certain personal information in February 2024.
Bon Secours Mercy Health, Inc.
October 2024Bon Secours Mercy Health has reported a months-long data breach that potentially exposed sensitive personal information earlier this year.
Hot Topic
October 2024Reports have surfaced that a hacker may have stolen personal and card data for 350 million customers of Hot Topic and two affiliated brands, Torrid and BoxLunch.
Join the Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Data Breach FAQs
I got a data breach notification. Does this definitely mean my info is being used fraudulently?
Not necessarily. When a company experiences a data breach, state law requires that it notify affected individuals. Receiving a letter does not automatically mean that your personal information is being used fraudulently – it just means your information was exposed in a data security incident and has the potential for being misused.
What should I do if I get a data breach letter?
If you get a data breach notice, make sure to read it closely. It should contain information on what happened, what information was involved, what the company is doing about it, steps you can take to protect yourself, and how you can get more information.
Some companies may offer free credit and/or identity theft monitoring for a period of time following a data breach, and the notice should include instructions on how to sign up. If you’re offered free monitoring, take advantage of it; signing up should not affect any legal claim you may have against the company.
Importantly, if you get a data breach letter, don’t throw it out! If you are interested in helping any of the investigations listed on this page, attorneys will want to see the letter you received.
Why do attorneys need to see my data breach notice?
Attorneys working with ClassAction.org are specifically looking to hear from people with a data breach notice because it essentially serves as proof that the individual was a victim of the incident and makes for a stronger legal claim.
So, I can sue over a data breach?
Yes. If your data was exposed in a security incident, you may be able to sue the company or companies responsible. Dozens of data breach class action lawsuits are filed each month, and this number only continues to increase. You can check out the proposed data breach class actions we’ve covered recently over on our newswire.
Can you give me an example of a data breach notification letter?
Absolutely. Here is an example of one sent to Forever 21 employees following a massive data breach that occurred in March 2023. This is the letter sent to consumers affected by the MAPFRE insurance data breach in late August 2023. In some cases, notices may be sent via email.
What if I never heard of the company that sent me a data breach notice?
It’s important to note that, in rare cases, you may not recognize the company sending the letter, but this does not mean it was sent in error.
For instance, a May 2023 data incident affecting a popular file transfer tool caused millions of individuals to have their information exposed. In this instance, many of the data breach letters were sent by a third-party vendor of the affected companies. For example, PBI Research Services sent this letter to customers of Corebridge Financial.
What if I threw my data breach notice out?
It’s important that, if you receive any data breach notice, you do not throw it out. If you’ve already done so, you may want to check the company’s website for their official notice of the breach – it should include the same information that was in your notice. You may also want to check the post for a dedicated number consumers can call with questions about the security incident. It’s worth a call to see if they can resend your notice, but this may not be possible.
What if I think I’m affected but haven’t received a notice?
Notices aren’t always sent immediately after a breach hits the news, so you may just have to be patient. Otherwise, you can check the company’s website to see if they’ve posted a notice about the breach – it may contain a number you can call with questions. They should, at the very least, be able to answer when notices are expected to go out and may also be able to confirm whether you were affected.
Be sure to bookmark our page and come back to it if you believe you’ve been affected by a data breach listed below but haven’t received a notice yet.
What kind of damages can I claim for a data breach?
In general, data breach victims can seek compensation for lost time responding to the incident, out-of-pocket costs related to the breach and loss of privacy.
Depending on the specifics of the data breach, out-of-pocket costs may include some of the following: money spent on preventative measures, such as identity theft and/or credit monitoring; service fees to replace stolen cards; money spent on credit reports and/or credit freezes; the costs associated with obtaining background checks or medical records; increased health insurance costs; and money lost via fraudulent transactions, fraudulent medical bills or stolen tax refunds.
Further damages may become available depending on the type of information exposed. For instance, if a person’s health data is leaked, they may be able to recover money for reputational damage if they are denied medical care or insurance coverage. Likewise, a person whose Social Security number is exposed may be able to recover money for damage to their credit.
How much can I claim in a data breach settlement?
How much you can claim in any data breach settlement will depend on a number of factors, including the specifics of the settlement, the amount of time you spent responding to the incident, the type and total amount of your out-of-pocket expenses, and how many claims are filed. There are never any guarantees as to whether a data breach lawsuit will be successful or how much they could provide to consumers; however, some of the largest data breach settlements obtained via class action lawsuits include a $350 million deal with T-Mobile and a $190 million deal with Capital One.
I’m looking for data breach class action settlements. Where can I find those?
We post class action settlements, including those involving data breaches, over on this page.
How do I know if I was part of a data breach?
If you were affected by a data breach, you should receive a notice via email or regular mail about the incident and what information may have been exposed. All 50 states require that businesses and governments alert consumers if their personal information is breached.
Anything else I should know?
If you’re interested in starting a class action lawsuit, you should know that those who elect to serve as a lead plaintiff are generally entitled to what’s known as a “service award” – that is, an additional payment for their help with the case. Typically, the lead plaintiff in a data breach case does not need to be involved as much as they would in other types of lawsuits. Depositions in these types of class actions are rare, and little documentation and information – aside from the initial data breach notice – is needed.
Plus, if you elect to serve as a lead plaintiff, you can feel good that you’re working to hold a company legally accountable for failing to protect the private information of potentially hundreds of thousands of individuals.
Recent Data Breaches
Received a notice but don’t see the breach listed here? Tell us about it using this form.
Center for Urban Community Services
October 2024More than 30,000 individuals may have been impacted by a September 2023 data breach at The Center for Urban Community Services.
Mystic Valley Elder Services
October 2024Mystic Valley Elder Services is notifying individuals about the potential exposure of their personal information in an April 2024 data breach.
RRCA Accounts Management Inc.
October 2024Collection agency RRCA Accounts Management is notifying individuals of a June 2024 ransomware incident during which personal and health information were accessed.
Boart Longyear Group, Ltd.
October 2024Drilling services and equipment provider Boart Longyear is notifying individuals of a mid-2024 data breach in which an unauthorized party accessed personal, medical and financial information.
Newtyn Management, LLC
October 2024Newtyn Management has reportedly experienced a data breach, and the New York City investment firm is now sending notice to those whose private information may have been impacted.
Advanced Recovery Equipment & Supplies, LLC
October 2024The New York City-based medical equipment provider has reported a June/July 2023 data breach that may have exposed sensitive personal and financial information.
Chimienti & Associates
October 2024Chimienti & Associates is notifying consumers about a March 2024 data breach that potentially exposed their Social Security numbers and other private information.
Harvard Pilgrim Health Care
October 2024Harvard Pilgrim Health Care has reported a data breach due to a "mailing error" that resulted in consumers' personal information being inadvertently displayed in window envelopes in September 2024.
Gandara Mental Health Center
October 2024Current and former patients of the Mass.-based behavioral health and substance use treatment provider may have had their personal and medical information exposed in a June 2024 data breach.
Landmark Admin, LLC
October 2024Landmark Admin, a third-party administrator for life insurance carriers, is notifying policy holders and beneficiaries of a data breach that may have exposed their private information.
OnePoint Patient Care
October 2024OnePoint Patient Care, a pharmacy benefit manager and dispensing pharmacy for hospices, is notifying patients of an August 2024 data breach that may have compromised their personal information.
BronxWorks Inc.
October 2024BronxWorks is notifying individuals of a 2023 data breach that involved unauthorized access to employee email accounts, exposing personal, financial and health information.
Rocky Mountain Gastroenterology
October 2024Rocky Mountain Gastroenterology has reportedly experienced a data breach carried out by three cybercriminal groups that may have exposed patients' personal and medical information.
Hot Topic
October 2024Reports have surfaced that a hacker may have stolen personal and card data for 350 million customers of Hot Topic and two affiliated brands, Torrid and BoxLunch.
Autobell Car Wash, LLC
October 2024Autobell Car Wash has announced an April 2024 data breach that has reportedly impacted the private information of more than 52,000 individuals.
Alta Resources Corporation
October 2024Alta Resources Corporation, which provides business process outsourcing services to clients including Church & Dwight Co., Inc., has announced a data breach that exposed consumers' personal and financial information.
Brighthouse Life Insurance Company
October 2024Brighthouse Life Insurance Company has disclosed a data breach at a third party that may have exposed consumers' Social Security numbers and other personal information in February 2024.
Smile Design Management
October 2024Smile Design, which operates dozens of dental clinics throughout Florida, has announced a data breach that compromised certain personal information in February 2024.
Abbott Laboratories Employees Credit Union
October 2024More than 36,000 people are reportedly affected by a data breach at Abbott Laboratories Employees Credit Union that exposed personal and financial information.
General Physician, P.C.
October 2024In June 2024, General Physician, P.C. detected a data breach that compromised confidential patient information.
Summit Pathology
October 2024Summit Pathology, which provides pathology services to hospitals and physician offices in Colorado, Wyoming and Nebraska has announced a data breach impacting patient information.
Loring, Wolcott & Coolidge
October 2024Boston-based financial planning firm Loring, Wolcott & Coolidge is notifying individuals about the potential exposure of their personal information in a data breach that took place between April and May 2024.
Leaders Staffing
October 2024Leaders Staffing is sending out notice of a January 2024 data breach that reportedly impacted 51,929 individuals.
Clay Platte Family Medicine
October 2024Clay Platte Family Medicine is notifying individuals of a June 2024 data breach impacting certain personal health data maintained by the Missouri provider and clinics it shares patients with—namely, Summit Family and Sports Medicine Clinic, Cobblestone Family Medicine Clinic, and Barry Pointe Family Medicine Clinic.
Datavant Group
October 2024Health information technology company Ciox Health, which does business as Datavant Group, reported a data breach to the U.S. Department of Health and Human Services on October 7, 2024.
Bayhealth Medical Center
October 2024Bayhealth Medical Center, a healthcare system in Delaware, has reportedly experienced a ransomware attack in which consumers' Social Security numbers, medical information and health insurance details were stolen.
Globe Life
October 2024Globe Life, Inc. has announced that an unknown threat actor is seeking to extort money in exchange for not revealing personal information related to subsidiary American Income Life Insurance Company and certain customers.
CreditRiskMonitor.com, Inc.
October 2024CreditRiskMonitor.com has reported a July 2024 data breach that exposed employees' and contractors' sensitive information to unauthorized access.
miCare Health Center
October 2024A data breach experienced by miCare Health Center in 2024 has exposed confidential patient information.
Insurance Agency Marketing Services, Inc.
September 2024Insurance Agency Marketing Services, Inc. (IAMS), an independent insurance brokerage agency, experienced a data breach in the first half of 2024 that exposed personal, financial and medical information.
Varsity Brands Inc.
October 2024Varsity Brands has reported a May 2024 data breach that may have compromised the sensitive personal information of over 65,000 people.
American Water
October 2024American Water, a public utility serving more than 14 million customers, announced in early October 2024 that it had noticed unusual activity on its network, later determined to be a cybersecurity attack.
Gryphon Healthcare, LLC
October 2024A data breach affecting revenue cycle and management company Gryphon Healthcare may have exposed the private and protected health information of more than 390,000 patients.
Bel-Air Bay Club Ltd.
October 2024Los Angeles beach club and wedding venue Bel-Air Bay Club is notifying individuals whose information may have been exposed in a September 2024 data breach.
Bon Secours Mercy Health, Inc.
October 2024Bon Secours Mercy Health has reported a months-long data breach that potentially exposed sensitive personal information earlier this year.
Axis Health System
September 2024Southwest Colorado Mental Health Center, which does business as Axis Health System, has uncovered a cybersecurity breach that involved unauthorized access to its computer network and took place in mid-2024.
Omni Family Health
October 2024California healthcare provider Omni Family Health is notifying patients and employees that their personal information may have been posted on the dark web.
McKell Financial Group
October 2024In June 2024, California-based financial advisory firm McKell Financial Group uncovered a cybersecurity incident involving unauthorized access to an employee email account.
MIPS Holdings, Inc.
September 2024MIPS, a semiconductor design company, is notifying individuals of a June 2024 data breach that may have compromised their personal information.
Long Island Plastic Surgical Group, PC
October 2024Long Island Plastic Surgical Group has reported to at least one attorney general's office a January 2024 data breach that reportedly exposed personal, financial and medical information.
Dohman, Akerlund & Eddy LLC
October 2024Accounting firm Dohman, Akerlund & Eddy is sending notice of a data breach that may have exposed personal information for over 82,000 people.
Mattson Technology, Inc.
September 2024Mattson Technology, Inc., a semiconductor manufacturing company, has reported a data breach that occurred in April 2023 and potentially exposed sensitive personal information.
Provation Software Inc.
October 2024Provation, a software provider in the healthcare industry, is notifying individuals that their personal information may have been exposed to unauthorized access.
Tektronix Inc
October 2024In early October 2024, Tektronix announced that it experienced cybersecurity breaches that involved two separate unauthorized third parties and exposed troves of personal data.
Orchid Orthopedic Solutions
September 2024Orchid Orthopedic Solutions, which provides medical device contracting, design and manufacturing, reported a data breach to the Oregon attorney general in September 2024, with a criminal hacking group claiming responsibility.
The Tech Interactive
September 2024The Tech Interactive announced a data breach that may have exposed individuals’ personal information in April 2024.
Amgen Inc.
September 2024Amgen is notifying individuals affected by a data breach at one of its vendors that may have exposed vast amounts of personal information.
Comcast Cable Communications, LLC
October 2024Comcast is notifying individuals of a February 2024 data breach that targeted one of its vendors and exposed consumers’ personal information.
MoneyGram
October 2024MoneyGram has announced a data breach that may have impacted consumers' personal information, including financial data and some Social Security numbers.
CF Medical
September 2024CF Medical is notifying individuals of a data breach that impacted Financial Business and Consumer Solutions, one of its vendors.
JTaylor & Associates, LLC
September 2024JTaylor & Associates, LLC has reported to the Department of Health and Human Services a data breach that affected more than 22,000 individuals.
Balboa Bay Club Ventures LLC
October 2024Balboa Bay Club is notifying individuals that their names, Social Security numbers and driver’s license numbers may have been exposed in a data breach.
New York Sports Club
September 2024More than 19,000 employees may have had their personal information exposed in a July 2024 data breach.
Exeter Finance, LLC
September 2024Lending agency Exeter Finance reported a data breach that may have impacted individuals' names, Social Security numbers, financial details and more.
Griffon Corporation
September 2024Current and former employees of Griffon Corporation and its subsidiaries and affiliates may have had their personal data exposed in a mid-2024 data breach.
Heart South Cardiovascular Group
September 2024Heart South Cardiovascular Group is notifying individuals about a May 2024 data breach that may have compromised their personal and health information.
Wright, Moore, DeHart, Dupuis & Hutchinson, LLC
September 2024Wright, Moore, DeHart, Dupuis & Hutchinson, LLC, a certified public accounting firm based in Lafayette, Louisiana, is notifying individuals of a data breach that may have impacted their Social Security numbers and other personal information.
MC2 Data
September 2024Reports say that nearly one-third of the United States’ population has had their personal information leaked in a massive breach that targeted background check firm MC2 Data.
Delta Health System
September 2024Delta Health System is notifying victims of a data breach that may have compromised their personal, financial and medical information in January 2024.
TradeZero America Inc.
September 2024TradeZero America is notifying individuals that their information may have been exposed in a July 2024 incident affecting a third-party vendor.
LA Financial Federal Credit Union
September 2024LA Financial Federal Credit Union is notifying individuals of a June 2024 data breach involving a compromised employee email account that exposed sensitive personal information to unauthorized access.
Altman Specialty Plants, LLC
September 2024Altman Specialty Plants, the largest horticultural grower in the U.S., is sending notice of a September 2023 data breach that may have compromised Social Security numbers, financial details, medical information and more.
Theresa Gordon Tax Services, Inc.
September 2024Theresa Gordon Tax Services, a tax preparation firm in Southern California, is notifying clients of a data breach that may have exposed their sensitive information between May and July 2023.
Illinois Bone & Joint Institute, LLC
August 2024Illinois Bone & Joint Institute is sending notice of a data breach that reportedly lasted from late May to early July 2024 and impacted nearly 183,000 individuals.
EngageMED, Inc.
August 2024EngageMED is notifying patients of a 2024 data breach that may have compromised information as sensitive as Social Security numbers and medical information.
Propark Mobility
September 2024Propark Mobility employees may have had their personal information exposed in a data breach that took place in January 2024.
Futurity First Insurance Group
July 2024Futurity First Insurance Group is notifying consumers that their personal information may have been exposed when an unauthorized party gained access to several company email accounts.
US Merchants Financial Group, Inc.
September 2024Packaging and containers manufacturer US Merchants is notifying individuals of a February 2024 data breach that may have exposed their personal information.
Riverside Resort & Casino
September 2024Riverside Resort & Casino in Laughlin, Nevada has reported a data breach affecting more than 55,000 individuals in which an unauthorized party potentially stole files containing personal information.
Turning Point of Central California, Inc.
August 2024Turning Point of Central California has begun notifying individuals who may have had their private information exposed in a data breach the nonprofit detected earlier this year.
Daniel J. Leeman, M.D.
September 2024Austin-based surgeon and ENT physician Daniel J. Leeman experienced a data breach that may have compromised patients' personal and medical information.
Slim CD, Inc.
September 2024Payment processor Slim CD has reported a data breach that may have exposed the credit card information of consumers who made purchases from merchants that used the company's services.
Covenant Care California, LLC
August 2024Covenant Care California, which operates skilled nursing facilities and home health agencies, is notifying patients and others of a data breach that may have exposed their sensitive information.
Public Agency Retirement Services
August 2024A phishing attack has resulted in the exposure of personal information belonging to employees of public agencies that used PARS for retirement plan purposes.
CBIZ Benefits & Insurance Services, Inc.
August 2024CBIZ has announced a recent data breach that may have impacted personal information of consumers associated with retiree health and welfare plans to which CBIZ provides business services.
Kingdom Trust
August 2024Kingdom Trust is notifying individuals that their personal information may have been exposed in a data breach.
The Facial Pain Center, PLLC
August 2024The Facial Pain Center, a Minnesota healthcare provider specializing in sleep apnea and TMD treatments, recently announced a data breach that reportedly impacted over 238,000 patients.
Keystone Pacific Property Management
August 2024In December 2023, Keystone Pacific Property Management first detected a data breach that exposed individuals’ personal information.
Dental Specialists of Minnesota, PLLC
August 2024Minnesota dental practice The Dental Specialists has reported a data breach that may have impacted over 38,000 patients.
Arden Claims Service
August 2024Arden Claims Service recently reported an October 2023 data breach that may have exposed consumers' personal information.
Mid-Columbia Center for Living
August 2024Mid-Columbia Center for Living, a behavioral health agency with locations in Oregon, has reported a data breach that may have exposed the private information of current and former clients.
Carespring Health Care Management
August 2024More than 76,000 individuals may have had their personal, financial and/or medical information exposed in a data security incident at Carespring Health Care Management, which provides senior care in Ohio and Kentucky.
Pocahontas Medical Clinic, PA
August 2024More than 31,000 individuals may have had their private information compromised in a May 2024 data breach that targeted Pocahontas Medical Clinic.
Gastrointestinal Medicine Associates
August 2024Gastrointestinal Medicine Associates, a Rhode Island gastroenterology practice, is providing notice of a data breach that impacted nearly 32,000 individuals.
Consilium Staffing, Inc
August 2024Consilium Staffing, a company connecting contract healthcare providers with understaffed medical facilities, has reported a data breach discovered in October 2023 that potentially exposed sensitive personal information.
American Clinical Solutions, LLC
July 2024American Clinical Solutions has reported a hacking incident that may have exposed the personal health information of an estimated 300,000 individuals.
Enroll Confidently, Inc.
August 2024Enroll Confidently is notifying individuals of a February 2024 data breach that may have exposed their personal information.
Park Dental
August 2024Park Dental is notifying patients that their personal information may have been exposed in a January 2024 data breach.
Student Transportation of America
August 2024Student Transportation of America reported a data breach involving unauthorized access to employee email accounts and the potential exposure of individuals' personal information.
Olympus Financial
August 2024Southern California financial services firm Olympus Financial announced a data breach that may have exposed consumers' Social Security numbers, banking information and more.
Educators Benefit Consultants, LLC (Aviben)
August 2024Educators Benefit Consultants, LLC, which does business as Aviben, has begun sending out notice of a data breach that reportedly impacted 39,640 individuals.
Walser Automotive Group
July 2024Walser Automotive Group reported a May 2024 data breach that may have exposed individuals’ names, Social Security numbers and more.
Special Health Resources of Texas, Inc.
July 2024Special Health Resources of Texas, Inc. has reported a hacking incident that potentially compromised patients’ private health information.
LS Networks
July 2024Telecommunications company LS Networks is notifying individuals of a data breach that may have exposed Social Security numbers and other personal information.
Brownell Travel, Inc.
July 2024Brownell Travel, Inc. reported a November 2023 data breach that may have exposed the personal information of more than 12,800 individuals.
Peterson Holding Company
August 2024Peterson Holding Company and its subsidiaries are providing notice of a June 2023 data breach that may have exposed current and former employees' personal information.
Calibrated Healthcare, LLC
August 2024Calibrated Healthcare is providing notice of a data breach that may have impacted consumers' personal and health information.
Advantage Orthopedic & Sports Medicine is notifying individuals that their personal information may have been exposed during a data breach in January and February 2024.
Coastal Plains Community MHMR Center
July 2024Coastal Plains Community Center/Coastal Plains Integrated Health has reported that a November 2023 data breach exposed the private information of more than 45,000 individuals.
Northeast Rehabilitation Hospital Network has announced a data privacy incident potentially impacting the security of information related to certain current and former patients.