Class Actions

Judge Approves $80M Settlement in Yahoo Data Breach Suit

• U.S. District Judge Lucy Koh awarded plaintiffs $80 million in a consolidated class action brought against Yahoo by shareholders resulting from data breaches Yahoo experienced in 2014 and 2016.

• According to the suit, Yahoo’s stock was trading at an artificially high price because of the company’s failure to disclose the breaches in a timely fashion.

• This is not the end of litigation related to these breaches, as Yahoo continues to face claims from users.

Adidas Seeking to Remove Putative Class Action to Federal Court

  • Adidas is seeking to remove to federal court a July lawsuit against the sports apparel manufacturer relating to a June data security incident that the plaintiffs allege allowed hackers to obtain personal information of millions of Adidas customers.
  • According to the lawsuit, “hackers breached the Adidas computer system(s) and accessed the contact information, user names and encrypted passwords [and] potentially other protected private information….”
  • The suit alleges negligence, breach of contract, breach of implied contract, and violations of California’s Customer Records Act and unfair trade practices act, and seeks actual, compensatory and statutory damages, as well as statutory penalties.


House Committee Passes Federal Data Breach Notification Bill for Financial Institutions

  • The House Financial Services Committee passed R. 6743, the Consumer Information Notification Requirement Act, which would require financial institutions to notify affected customers of a data breach that affects their personal information.
  • The law would establish uniform notification standards across all regulatory agencies empowered by the Gramm-Leach-Bliley Act (GLBA) and pre-empt state and local data breach notification laws with respect to entities subject to GLBA.
  • A number of banking organizations supported the bill’s passage from committee, “so that Congress can take a step forward in enacting comprehensive data breach legislation … for all entities that acquire and use sensitive personal and financial information.”

State AGs

NM AG Sues Tech Company Tiny Labs for Violations of COPPA, FTC Act and Unfair Practices Act

  • New Mexico Attorney General Hector Balderas filed a lawsuit against app developer Tiny Labs, alleging that the company acquired the personal data of children who used apps designed by the company “to target the children with advertisements based on their own personal information.”
  • According to the AG, “[t]his conduct endangers the children of New Mexico, undermines the ability of their parents to protect children and their privacy, and violates state and federal law,” including the Children’s Online Privacy Protection Act (COPPA), the Federal Trade Commission Act (the FTC Act) and the New Mexico Unfair Practices Act.

AZ AG Sues Tech Company Tiny Labs for Violations of COPPA, FTC Act and Unfair Practices Act

  • Arizona Attorney General Mark Brnovich recently retained Cooper & Kirk PLLC as outside counsel to investigate actions of an undisclosed company tech (the retention agreement was redacted) related to the “storage of consumer location data, tracking of consumer location, and other consumer tracking through [undisclosed company’s] smartphone operating systems.”
  • According to the retention agreement, these actions constitute potential violations of Arizona’s Consumer Fraud Act, and the agreement contemplates litigation or other action to stop the alleged tracking.