Data Breach Settlements: A Look at the Top 16 Cases

1. Capital One: $80 Million

A software engineer at AWS was behind the attack, which exposed information including bank account details. While Capital One and AWS deny all liability, the parties have executed a term sheet containing the essential terms of a class settlement that, if approved by the court, will fully resolve all claims brought by plaintiffs.

2. Uber: $148 Million

In 2016, ride-hailing app Uber had 600,000 driver and 57 million user accounts breached. Instead of reporting the incident, the company paid the perpetrator $100,000 to keep the hack under wraps. Those actions, however, cost the company dearly, with a fine of $148 million in 2018 for violation of state data breach notification laws.

3. Morgan Stanley: $120 Million (Total)

Settlement Agreement

In January 2022, investment bank and financial services giant Morgan Stanley agreed to pay $60 million to settle a legal claim relating to its data security. The agreement, if approved by a federal judge in Manhattan, will resolve a class-action lawsuit filed against the company in July 2020 regarding two security breaches that compromised the personal data of approximately 15 million customers.

Background

The proposed claim settlement comes more than a year after Morgan Stanley was handed a separate $60 million civil penalty by the Office of the Comptroller of the Currency (OCC) in relation to the same incidents. The OCC stated that Morgan Stanley failed to exercise proper oversight of the 2016 decommissioning of two Wealth Management business data centers located in the U.S.

4. Equifax: $700 Million

Equifax, one of the largest credit reporting agencies in the world, suffered a massive data breach in 2017 that exposed the personal information of over 147 million people. The company agreed to pay $700 million to settle a class-action lawsuit filed in 2017.

5. Yahoo: $350 Million

In 2013 and 2014, Yahoo suffered two massive data breaches that exposed the personal information of over 3 billion users. The company agreed to pay $350 million to settle a class-action lawsuit filed in 2017.

6. Home Depot: $17.5 Million

In 2014, Home Depot suffered a data breach that exposed the personal information of over 56 million customers. The company agreed to pay $17.5 million to settle a class-action lawsuit filed in 2015.

7. Target: $10 Million

In 2013, Target suffered a data breach that exposed the personal information of over 40 million customers. The company agreed to pay $10 million to settle a class-action lawsuit filed in 2015.

8. JPMorgan Chase: $5 Million

In 2014, JPMorgan Chase suffered a data breach that exposed the personal information of over 76 million households and 7 million small businesses. The company agreed to pay $5 million to settle a class-action lawsuit filed in 2015.

9. Anthem: $115 Million

In 2015, health insurance giant Anthem suffered a data breach that exposed the personal information of over 78 million people. The company agreed to pay $115 million to settle a class-action lawsuit filed in 2017.

10. Blue Cross Blue Shield: $62.5 Million

In 2015, Blue Cross Blue Shield suffered a data breach that exposed the personal information of over 56 million people. The company agreed to pay $62.5 million to settle a class-action lawsuit filed in 2017.

11. TJX Companies: $40.5 Million

In 2007, TJX Companies, the parent company of TJ Maxx and Marshalls, suffered a data breach that exposed the personal information of over 45 million customers. The company agreed to pay $40.5 million to settle a class-action lawsuit filed in 2010.

12. Neiman Marcus: $1.62 Million

In 2013, Neiman Marcus suffered a data breach that exposed the personal information of over 350,000 customers. The company agreed to pay $1.62 million to settle a class-action lawsuit filed in 2014.

13. Supervalu: $10 Million

In 2014, Supervalu, a grocery store chain, suffered a data breach that exposed the personal information of over 200,000 customers. The company agreed to pay $10 million to settle a class-action lawsuit filed in 2015.

14. Michaels: $5 Million

In 2013, Michaels, an arts and crafts store chain, suffered a data breach that exposed the personal information of over 2.6 million customers. The company agreed to pay $5 million to settle a class-action lawsuit filed in 2014.

15. Uber: $148 Million

16. Equifax: $700 Million

Conclusion

Data breaches are a serious threat to individuals and organizations alike. The consequences of a data breach can be severe, including financial losses, reputational damage, and legal liabilities. In recent years, several high-profile companies have suffered data breaches, resulting in significant financial losses and reputational damage. This article highlights the top 16 data breach settlements, which demonstrate the importance of prioritizing data security and protecting personal information.

FAQs

Q: What is a data breach?

A: A data breach is an unauthorized access, theft, loss, or disclosure of personal information, such as names, addresses, Social Security numbers, and credit card numbers.

Q: What are the consequences of a data breach?

A: The consequences of a data breach can be severe, including financial losses, reputational damage, and legal liabilities. In addition, individuals whose personal information has been compromised may be at risk of identity theft and other forms of fraud.

Q: How can companies prevent data breaches?

A: Companies can prevent data breaches by implementing robust data security measures, such as encryption, firewalls, and access controls. They should also conduct regular security audits and training programs to ensure that employees are aware of the importance of data security.

Q: What are the legal consequences of a data breach?

A: The legal consequences of a data breach can be severe, including fines, penalties, and legal liabilities. In addition, companies may face class-action lawsuits and regulatory actions, such as those brought by the Federal Trade Commission (FTC) and state attorneys general.