Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

District Court granted final approval of a $63 million data breach settlement

Privacy/Cyber Risk & Data Security Courts Data Breach Class Action Settlement

Privacy, Cyber Risk & Data Security

On June 7, the U.S. District Court for the District of Columbia granted final approval of a class action settlement resolving claims that a government agency and its contractor (collectively, defendants) did not detect hackers because they failed to establish reasonable safeguards that led to a data breach. According to the memorandum of law in support of the plaintiff’s motion for preliminary approval, a data breach occurred in June 2015 that compromised financial records, Social Security numbers, and other personal information of anyone who underwent a background check at the agency since 2000. The agency allegedly controlled numerous electronic systems without valid authorizations, failed to implement multi-factor authentication for accessing systems, failed to patch, segment, and continuously monitor systems, and failed to implement centralized data security protocols. According to the plaintiff’s motion, the settlement (if granted final approval) would require the U.S. government to pay $60 million of the settlement fund and the contractor to pay $3 million. The settlement agreement provides that “[e]ach valid claim will be paid at $700, except that if the actual amount of documented loss exceeds $700, the claim will be paid in that amount, up to $10,000.”