Class Actions

Plaintiffs Seek Approval for $4.3 Million Settlement With Sonic in Credit Card Data Breach Suit

• Following a variety of lawsuits against fast food chain Sonic Drive-In related to a 2017 credit card data breach, plaintiffs are seeking consolidation of those suits, class certification and a $4.3 million settlement.

• The settlement would create a nationwide class of Sonic diners affected by the breach, each of whom would receive $10 if they used their credit or debit cards at the store, or $40 if they experienced fraudulent or unauthorized charges.

• The plaintiffs argued that the settlement is fair when balanced with the risks of further litigation.

Viacom’s Arbitration Demand Unavailing in Children’s Data Privacy Suit

  • U.S. District Judge James Donato denied Viacom’s request to stay a case against it alleging that the company violated privacy laws by collecting information about children while they played the mobile app “Llama Spit Spit.”
  • According to the order, Viacom presented insufficient evidence to establish that an agreement to arbitrate was formed between the players and Viacom. Viacom was unable to establish that the plaintiff saw and agreed to the arbitration provision in Viacom’s end-user license agreement, nor was it able to establish constructive notice because it did not put users “on notice of the terms by which” Viacom wished to bind them.


Senators Seek Answers From Google Related to Google+ Breach

  • A trio of Senate Republicans sent a letter to Google seeking answers from the tech company regarding recent reports of a breach related to its Google+ social networking platform.
  • The senators expressed concern that Google “apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny.”
  • This letter comes on the heels of a request by Senate Democrats to the Federal Trade Commission that the commission open an investigation into Google as a result of the breach and the possibility this incident violates the terms of a 2012 consent decree.


Health Insurer Anthem to Pay HHS Record $16M

  • Anthem Inc., the U.S.’s second-largest health insurer, agreed to a $16 million settlement with the U.S. Department of Health and Human Services’ Office of Civil Rights for a 2015 data breach that exposed the personal information of almost 80 million people.
  • According to HHS, the breach occurred when an Anthem employee was spear-phished, allowing attackers to gain access to the Anthem’s systems.
  • OCR Director Roger Severino stated that Anthem “failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information[,]” and that the “largest health data breach in U.S. history fully merits the largest HIPAA settlement in history.”

State AGs

Aetna Settles AGs’ Data Breach Claims

  • Healthcare giant Aetna Inc. has settled claims by the attorneys general of Connecticut, the District of Columbia, New Jersey and Washington that the insurer failed to protect insureds’ protected health information by sending through the mail information about insureds’ health conditions that was easily viewable on the face of the envelopes.
  • Under the settlement, Aetna agreed to ensure the confidentiality of mailings going forward and to institute policies, protocols and training to maintain the privacy of protected health information.
  • Aetna agreed to pay New Jersey $365,000 and the District of Columbia $175,000. Amounts to be paid to Connecticut and Washington were not disclosed.