Data Breach Class Actions I. Executive Summary
Class action litigation in the data breach space has continued to become more prevalent with lawsuits being filed at a rapid tick after every major and not-so-major report of a breach. High-profile data breach class actions continue to create headlines on a regular basis. In recent years, myriad companies have experienced significant breach events affecting hundreds of millions of their records. Most recently, in In Re Marriott International Inc. Customer Data Security Breach Litigation , 341 F.R.D. 128 (D. Md. May 3, 2022), a federal judge in Maryland granted class certification in a data breach impacting over 133 million American consumers against hotel chain Marriott and its data security vendor Accenture. This was, to date, the largest data breach case in the country. Despite the large number of data breach actions filed, however, plaintiffs are securing class certification at lower levels than compared to other areas of law. In 2024, courts granted class certification in 40% of data breach cases. This constituted a big improvement from 2023, when only 14% of class certification motions were granted.
Data breach class actions have emerged as one of the fastest growing areas in the complex litigation space. After every major (and even not-so-major report) of a breach, companies can expect negative publicity followed by one or more class action lawsuits. In recent years, blue-chip companies such as Microsoft, Wattpad, Meta/Facebook, Estee Lauder, Whisper and Advanced Info Service endured data breach class action litigation following significant data breach events affecting hundreds of millions of employee and consumer records. In 2024, there was a notable increase in data breach class actions. Data breach class actions filed within the first half of 2024 totaled 773 with a monthly average of nearly 129. This surge in data breach class actions can be traced back to several contributing factors. One of the primary catalysts for this increase is the MOVEit data breach that took place this past year, involving file transfer software and the National Public Data breach that occurred in early 2024, involving a data broker specializing in background checks. Furthermore, there has been a marked increase in the sophistication of cybercriminal activities, leading to more frequent and severe data breaches. Based on our analysis of the 2024 data breach class action landscape,
1
© Duane Morris LLP 2025
Duane Morris Data Breach Class Action Review – 2025
Made with FlippingBook - professional solution for displaying marketing and sales documents online