Data Breaches

Chimicles Schwartz Kriner & Donaldson-Smith LLP (CSK&D) is Prosecuting Class Action Lawsuits on Behalf of Consumers Impacted By Large Payment Card Data Breaches

Large-scale payment card data breaches have been on the rise over that last few years.  These breaches occur when cybercriminals gain unauthorized access to a company’s payment systems or computer servers. These breaches are often carried out in a similar manner—malicious software (known as “malware”) is installed on the target company’s systems, which is then used to siphon off sensitive payment card data as consumers swipe debit or credit cards through the point of sale payment terminal.  The sensitive card data that is collected during this theft can include cardholder names, billing addresses, card numbers, and card security codes.  When a breach occurs, it often goes undetected for a long period of time – in some cases several months – and allows hundreds of thousands or even millions of sets of card data to be stolen.

Stolen card data is very valuable to the criminals who steal it.  They often take the information and place it for sale illegally on what is known as the “dark web,” an underground part of the World Wide Web where users can remain untraceable or anonymous.  Fraudsters come to the dark web to purchase stolen card data to commit additional fraud, including creating “dummy” or “clone” credit cards to perpetrate physical (e.g., in-store) fraudulent purchases, or using the card data to make illegal purchases remotely.  This fraud directly impacts consumers, who only later discover that their checking or credit card accounts have been subjected to fraudulent charges.

Data breaches create not only temporary concerns for fraud; they have lasting effects for those consumers impacted by a breach.  These consumers are forced to take significant precautionary measures, such as canceling other cards and accounts, obtaining replacement cards (often for a fee), purchasing credit monitoring and identity theft insurance, and spending large amounts of time reviewing accounts and statements for incidents of fraud.

By now these data breaches should be declining given the large number of breaches over recent years and based upon what is known in the retail and services industries about point-of-sale security and general cyber-security.  However, data breaches continue occur on a regular basis.  Typically, the reason that these breaches occur is that the companies that suffer from the intrusions failed to take adequate precautionary measures to protect against an attack.  For example, card encryption and chip-technology have been in existence for years ,and while many companies have shifted to these more secure systems, numerous companies have declined to do so, leaving them vulnerable to a data breach.

The attorneys at CSK&D have significant experience in prosecuting class action lawsuits on behalf of consumers who have been victimized by massive payment card data breaches.

Two recent examples of settlements that CSK&D has resolved are:

  • Crystal Bray v. GameStop Corp., No. 1:17-cv-01365 (D. Del.), settlement granted final approval on 12/19/2018;
  • Gordon, et al. v. Chipotle Mexican Grille, Inc., No. 1:17-cv-01415-CMA-SKC (D. Colo.), proposed settlement granted preliminary approval granted 6/21/2019.

If you believe you suffered card fraud or identity theft due to a data breach, we encourage you to contact the attorneys below to discuss your experiences and receive a free consultation.

We’re ready to assist you, so call us or click here to discuss your situation.