Keller Rohrback is a pioneer in representing consumers and employees who have had their personal information breached. Our Data Privacy Litigation team has an established reputation of successful data breach litigation in federal and appellate courts.
Our success in this area includes the groundbreaking case, Krottner v. Starbucks Corp. Nos. 09-35823, 09-35824 (W.D. Wash.), where the Ninth Circuit recognized that Plaintiffs-Appellants’ injury caused by a stolen laptop containing their personal information sufficiently satisfied the Article III standing requirement. This decision established an important legal precedent that formed a building block for privacy litigation under federal law.
Keller Rohrback’s Data Privacy Litigation team has made headlines in various publications with their work featured in Variety, the Los Angeles Times, The Wall Street Journal, Law.com, CNN.com, Bloomberg.com, NPR.org, CNBC.com, Nasdaq. com, Reuters.com and The Guardian. We have also been featured on broadcasts such as CNN and NPR’s Morning Edition.
In re Facebook, Inc. Consumer Priv. User Profile Litig., MDL No. 2843 (N.D. Cal.). Keller Rohrback partner Derek Loeser serves as co-lead counsel in this high profile litigation related to the 2018 news that the data mining firm Cambridge Analytica had harvested information from up to 87 million Facebook users. Plaintiffs allege that Facebook granted numerous third parties access to their Facebook content and information without their consent, and that Facebook failed to adequately monitor the third parties’ access to, and use of, that information.
Facebook’s motion to dismiss was denied, and after several years of hard-fought litigation, in which Plaintiffs obtained extensive discovery regarding Facebook’s data sharing practices, including millions of pages of discovery and over 45 depositions, the parties reached a $725 million settlement – the largest ever privacy class action settlement in the United States. The Court held the final approval hearing on September 7, 2023 and granted final approval of the settlement on October 10, 2023.
Corona v. Sony Pictures Ent., Inc., No. 14-9600
(C.D. Cal.). Keller Rohrback served as Interim Co-Lead Counsel and Liaison Counsel in this case against Sony Pictures Entertainment, Inc. on behalf of former and current Sony employees affected by the company’s highly publicized data breach. Plaintiffs alleged that Sony failed to secure and protect its computer systems, servers, and databases, resulting in the release of the named Plaintiffs and other class members’ personal information. Keller Rohrback obtained a significant settlement for the class in October 2015, which was approved in April 2016.
Fox v. Iowa Health Sys., No. 18-327
(W.D. Wis.). Plaintiffs filed this complaint against Iowa Health System (UnityPoint Health) on behalf of individuals in Wisconsin, Iowa, and Illinois whose protected health information was compromised as a result of data breaches that occurred on at least two separate occasions between November 2017 and March 2018. On July 25, 2019, the Court granted in part and denied in part Defendant’s motion to dismiss. The parties have since reached a settlement, providing for credit monitoring and insurance services, reimbursement for out-of-pocket costs, and payment for time incurred as a result of the data breaches. The Court granted final approval of the settlement on March 4, 2021.
In re Experian Data Breach Litig., No. 15-1592
(C.D. Cal.). In October 2015, Experian announced a nationwide data breach affecting an estimated 15 million consumers. Keller Rohrback was appointed to serve on the Plaintiffs’ Steering Committee. After three years of litigation, a settlement was reached valued at more than $150 million, providing credit monitoring and insurance services, reimbursement for out-of-pocket costs, and payment for time incurred as a result of the data breach. The Court granted final approval of the settlement in May 2019.
Krottner v. Starbucks Corp., 628 F.3d 1139
(9th Cir. 2010). In 2008, Keller Rohrback filed a class action on behalf of approximately 97,000 Starbucks employees whose unencrypted private information was contained on a stolen Starbucks laptop. Plaintiffs’ claims included negligence and breach of contract for failing to protect employees’ personally identifiable information. The district court granted Starbucks’s motion to dismiss, but Keller Rohrback successfully appealed the decision as to standing, resulting in the Ninth Circuit establishing a new legal precedent that the theft of PII constituted injury under Article III.
In re T-Mobile Customer Data Sec. Breach Litig., MDL No. 3019
(W.D. Mo.). Keller Rohrback filed class action complaints on behalf of the approximately 76.6 million T-Mobile customers whose data was exposed in the August 2021 Data Breach, alleging that T-Mobile failed to protect data of customers, as well as consumers who applied for credit with T-Mobile, leading to the exposure of information including their Social Security numbers, names, and dates of birth. Cases concerning the breach were consolidated for pretrial proceedings by the JPML in December 2021. In February 2022, Keller Rohrback, Stueve Siegel Hanson LLP, and Hausfeld LLP were appointed Co-Lead Interim Class Counsel. The parties reached a settlement, including a $350 million settlement fund and a $150 million spending commitment to improve T-Mobile’s data security and address vulnerabilities that resulted in the Data Breach, in July 2022. The Court held a final fairness hearing on January 20, 2023 and granted final approval of the settlement on June 29, 2023.
In re 21st Century Oncology Customer Data Sec. Breach Litig., MDL No. 2737
(M.D. Fla.). In 2016, Keller Rohrback filed three proposed class action complaints against the Florida-based healthcare provider 21st Century Oncology concerning an October 2015 data breach impacting 2.2 million class members. All cases concerning the breach were consolidated in October 2016 for coordinated pretrial proceedings. On November 18, 2016, Keller Rohrback and Robinson Calcagnie were appointed Interim Co-Lead Counsel. On March 11, 2019, the Court entered its order denying the Defendants’ motion to dismiss the amended consolidated complaint. In June 2020, the parties reached a settlement in principle, valued at more than $16 million, providing for credit monitoring and insurance services, reimbursement for out-of-pocket costs, and payment for time incurred as a result of the data breach. The Court granted final approval of the settlement on June 25, 2021.