District Court receives joint settlement notice for personal information data breach

The complaint, filed on July 8, detailed a hacking incident that occurred on November 3, 2023, when the defendant detected unusual activity on its computer systems. The breach compromised sensitive personal information maintained by the defendant, including names, Social Security numbers, financial account information, driver’s license numbers, and addresses. The defendant waited seven months before notifying the affected individuals, during which time the plaintiffs were at risk of identity theft or harm.

The plaintiffs alleged the defendant failed to implement reasonable data security measures which put the plaintiff’s personal information at risk, violating the California Consumer Privacy Act and other regulations. The complaint included seven counts against the defendant: negligence, negligence per se, breach of implied contract, violations of the California Consumer Privacy Act, unjust enrichment, breach of third-party beneficiary contract, and declaratory judgment. The plaintiffs sought monetary relief, injunctive relief, and lifetime credit monitoring for the affected class members. The number of affected class members is unknown but is estimated to be in the thousands.

The complaint further claimed the defendant’s inadequate security measures and failure to properly monitor its networks led to the data breach. The plaintiffs argued the defendant’s actions resulted in significant harm, including the loss of control over their personal information, potential identity theft, and other financial damages. The plaintiffs also highlighted the defendant’s alleged violations of the California Consumer Privacy Act, which mandates the implementation of reasonable security procedures to protect consumers’ personal information.