Green Diamond Resource Company, a forest management business, is seeking court approval to pay $695,000 to settle claims that it failed to adequately safeguard the personal information of about 28,000 consumers in a 2023 data breach. Gregorio v. Green Diamond Resource Co., No. 2:24-cv-00596 (W.D. Wash. 9/22/25).

The breach allegedly exposed a wide range of personal information, including:

• Names and dates of birth;
• Social Security numbers;
• Financial account details;
• Medical and health insurance information;
• Government-issued identification numbers (driver’s licenses, state IDs, and passports); and
• Access credentials.

Plaintiffs alleged that Green Diamond did not meet its obligations under common law, contract law, industry standards, and the Federal Trade Commission Act to maintain reasonable security practices.

Members of the settlement class will receive:

• Up to $5,000 in documented out-of-pocket expenses related to the breach;
• A pro-rata cash payment from the net settlement fund; and
• Credit monitoring services to help detect future fraud or misuse of personal data.

Class counsel plan to request:

• $208,500 in attorney fees (about one-third of the settlement fund);
• Up to $50,000 in litigation costs; and
• $5,000 service awards for each class representative.

This case highlights the growing accountability companies face when consumer data is compromised. With personal and financial details at stake, courts and regulators continue to scrutinize whether businesses are implementing “reasonable and adequate” cybersecurity measures.