Data Breach

Subscribe to Data Breach via RSS

Green Diamond Resource Company, a forest management business, is seeking court approval to pay $695,000 to settle claims that it failed to adequately safeguard the personal information of about 28,000 consumers in a 2023 data breach. Gregorio v. Green Diamond Resource Co., No. 2:24-cv-00596 (W.D. Wash. 9/22/25).

The breach allegedly exposed a wide range of

Last week, two separate class actions were filed in the federal district court for the Southern District of Texas against DISA Global Solutions (DISA), a third-party employment screening services provider, related to an April 2024 cyber-attack.

DISA provides drug and alcohol testing and background checks for employers. DISA reportedly faced a cyber-attack from February to

This post was authored by Class Action Defense team chair Wystan Ackerman and is also being shared on our Class Actions Insider blog.

Some data breach class actions settle quickly, with one of two settlement structures:

(1) a “claims made” structure, in which the total amount paid to class members who submit valid claims is

Eyeglass manufacturer and retailer Warby Parker recently settled a 2018 data breach investigation by the Office for Civil Rights (OCR) for $1.5 million. According to OCR’s press release, Warby Parker self-reported that between September and November of 2018, unauthorized third parties had access to customer accounts following a credential stuffing attack. The names, mailing and

Elemetal LLC faces a data breach class action resulting from its alleged failure to implement appropriate security measures, which led to a 2023 breach of approximately 13,000 customers’ personal information. Elemetal is a precious-metal refiner based in Texas, operating in more than 45 locations in the U.S.

The subject breach occurred between August 22 and

The city of Columbus, Ohio, announced on May 29, 2024, that a ransomware attack forced its systems offline. According to its notice, the attack was perpetrated by “an established, sophisticated threat actor operating overseas,” and that it was working with law enforcement to investigate the incident.  The culprit behind the ransomware attack is reported to

This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized access in connection with three data breaches.

The breaches occurred between January 2021 and January 2023. Each of these data breaches involved the exploitation of application programming

We previously alerted readers to the fact that the most recent data compromise of 23andMe exposed data related to Ashkenazi Jews and individuals of Chinese descent. It is reported by Ars Technica, citing TechCrunch, that “nearly half of 23andMe’s 14 million users’ [information] was hacked,” estimated at 6.9 million users.

23andMe is notifying affected users.

The State Bar of Georgia recently disclosed that it was the victim of a cybersecurity incident in April 2022, when an unauthorized individual accessed its systems and compromised the data of current and former employees and “some members of the State Bar.”

The incident included unauthorized disclosure of individuals’ names, addresses, dates of birth, Social