From Data Breach to Compensation

Reviewed by Mark R. Miller, Esq.

The modern world runs on data. Whether logging into a social media account, checking out at the grocery store, or buying clothes online, we give our data to hundreds of companies every day. 

These companies have a legal responsibility to protect your data. But security issues are on the rise—more than 349 million people were impacted by data breaches in 2023. When companies fail to keep your data safe, your information may be exposed or accessed. And while nothing can undo a data breach, you may be able to recover the value of your stolen data through a class action settlement. 

That’s where the privacy protection legal team at Wallace Miller comes in. When companies fail to protect your most sensitive information, we can help you hold them responsible Reach out to our team of data breach lawyers at 331-425-8022 or complete our free online case evaluation to find out if you may have a case.

 

Your personal information online

Most of us share a wide variety of personal information online as part of our day-to-day lives. Information that may be at risk in a data breach includes your:

• Name 
• Social security number 
• Email address 
• Social media logins 
• Mailing and physical address 
• Bank account numbers 
• Credit card numbers 
• Health information 
• IP (Internet Protocol) address 
• Driver’s license number 

While it’s important to be careful about what information you share on the internet, the websites and companies you share it with have a legal obligation to protect it. When their security systems fail and a data breach occurs, you may be able to join a class action lawsuit and fight for a settlement. 

What is a data breach?

A data breach occurs when information collected by a company, government agency, or other organization is disclosed to the public without permission, usually through a security issue. Hackers may steal personal data through methods like malware, ransomware, phishing, or compromised business emails. 

Data breaches are becoming more common. In 2024 alone, major breaches included access to and theft of: 

• The majority of AT&T’s customer records. 
• Millions of patients’ medical data through Change Healthcare. 
• Patient data from the pathology lab Synnovis (leading to outages in hospitals across London). 
• Ticketmaster customer data. 
• 2.7 billion personal records from National Public Data. 

Common types of data breaches

Data may be accessed or exposed through a range of methods, including: 

• Unsecure online security systems – Hackers may be able to find their way around an online security system, especially if it hasn’t been recently updated. Companies may avoid updating their security systems to save costs, which can result in outdated security systems holding consumer information, increasing the risk of a breach. 
• Unauthorized sale of personal information – Many states require companies to notify consumers about how they handle customer information. However, some businesses profit from selling customer data. This allows unknown third parties to access personal information. 
• Malware – Malware refers to malicious software. In a malware attack, a hacker installs software over a network onto the intended target’s device. This allows the program to scour the device for the user’s stored personal information. 
• Ransomware – Ransomware is a type of malware that blocks a person’s access to their own device unless they pay a third party the demanded ransom. 
• Hacking attacks – Hacking involves using a computer to gain unauthorized access to someone’s personal information. Hackers may access online databases to obtain personal information on those databases. 
• Decommissioning of IT assets – Even if a company updates their network devices, computers, and other IT assets, old versions may contain consumers’ sensitive information. If companies are not careful about how they get rid of old assets, the personal information they contain can be accessed. 

The consequences of a data breach

Data breaches can have serious consequences for those whose information is compromised. Depending on the severity of the breach and how quickly the issue is identified, individuals can be the victims of fraud, identify theft, loss of benefits, and more. And the long process of discovering and attempting to address a breach can cause severe stress. 

Common complications of a data breach include: 

• Credit card fraud or unauthorized credit cards 
• Unauthorized bank accounts 
• Unauthorized loans or leases 
• Identity theft 
• Fraud with government documents or benefits 
• Private or sensitive information becoming publicly available. 

As a result, consumers whose information has been stolen may deal with paying interest, fees, and other monetary penalties, a lower credit score, accounts that go to collections, or even a criminal record. Data breaches can also be dangerous for those whose personal information puts them at risk of harm, such as survivors of domestic violence. 

Understanding privacy law

‘Cybersecurity’ refers to everything we do to protect ourselves and our data from attacks online, including safety measures and anti-hacking technology. As part of consumer protection law, businesses have a duty to protect the cybersecurity of their consumers.  

After a cybersecurity incident like a data breach, businesses must comply with federal and state laws and regulations. All 50 states in the U.S. require that companies inform customers if their data is compromised, although states differ on specific requirements of how, when, and to whom notice must be provided. 

Federal laws also set rules on how companies handle consumers’ personal information. The Federal Trade Commission (FTC) Act regulates deceptive or unfair acts and practices, including those related to data protection. The Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) provide additional protections and specific guidance for the use of medical data in the U.S. 

While the FTC may pursue law enforcement action against companies that don’t uphold their promises to maintain consumers’ privacy rights, individuals can also join in class actions to seek compensation from these companies. Through these lawsuits, people whose data have been stolen have the opportunity to hold companies responsible for their loss of privacy. 

Data breach liability: Who can you hold responsible?

Data breach lawsuits claim that companies failed in their duty to protect the private information of their consumers or to notify them after a data breach occurred. These claims are most often filed as part of a class action.  

Class actions involve a group of people, known as class members, combining their lawsuits into a single legal action against the same defendant(s). One or a few plaintiffs who have suffered similar harm as other class members and represent their interests are chosen to act as the representatives. Class actions are a way to consolidate the cases of a large number of plaintiffs into a more efficient process and pool resources to hold powerful interests accountable. 

A company can be liable if a hacker or another individual targets them and gains access to consumer information. However, a plaintiff must have evidence that the company possessed or owned their data, and that the company’s negligence contributed to the data breach. 

The most common examples of a company’s liability for a data breach include: 

• The company or an employee directly contributing to leaking personal information. 
• The company failing to notify all affected consumers of the breach promptly. 
• The company failing to maintain an up-to-date security system as required by state law. 
• The company failing to mitigate the harm their consumers could suffer after they found out about the data breach. 

Can I get compensated after a data breach?

In a successful lawsuit, settlement class members are eligible to be compensated, or reimbursed, for the harm they suffered as a result of a data breach. They may be reimbursed for losses including unauthorized charges to credit cards, damage to their credit score, out-of-pocket costs for replacement cards or credit monitoring services, the time and expense expended to secure their data, and emotional distress caused by the breach.  

This compensation for data breach losses often falls into the following legal categories: 

• Actual misuse – Actual misuse is loss that results from someone’s misuse of the victim’s personal information after the breach. This can include credit score damage, property loss, stolen funds, or crimes committed in the victim’s name. 
• Heightened risk of harm – Even if fraud or identity theft hasn’t occurred, data breach victims may still be entitled to compensation due to the increased risk of harm from private information being made public.  
• Expectation losses – Expectation losses, also called benefits of the bargain, are losses resulting from a breach of contract. This compensation is built to allow the victim to return to the financial standing they would be in if the breach hadn’t occurred. 
• Consequential and mitigation losses – Compensation is available for additional out-of-pocket losses a victim incurs after a data breach. Examples include regaining security after the incident, hiring a credit monitoring service, performing forensic searches, and other costs necessary to return to the economic standing held before the breach. 
• Emotional distress – Consumers harmed by data breaches can experience psychological trauma, fear of the incident’s consequences on their personal or professional life, anxiety, and depression. A settlement may include compensation for the emotional harm done. 

A proposed settlement agreement may also offer alternative compensation, or non-monetary methods of making up for the harm a plaintiff has suffered. These may include free identity restoration services or credit monitoring services. 

Privacy litigation at Wallace Miller

Our team of attorneys and legal professionals is dedicated to standing up for the rights of consumers. In our increasingly digital world, your data is valuable—and if that data is compromised, you have legal options. 

Have you recently found out that your information was accessed in a data breach? Call us at 331-425-8022 or fill out our online questionnaire to set up a confidential consultation with our outreach team free of cost. We’ll go over your potential case and determine whether you’re eligible to file a claim.