Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

District Court grants final approval of data breach settlement

Privacy, Cyber Risk & Data Security Courts Data Breach Class Action Settlement SEC Data Scraping

Privacy, Cyber Risk & Data Security

On August 9, the U.S. District Court for the Western District of North Carolina granted final approval of a class action settlement resolving allegations that two hemp companies (collectively, “defendants”) were involved in data breaches. According to the plaintiffs’ unopposed motion for final approval of the class action settlement, the defendants notified the SEC, various states’ attorneys general, and thousands of affected customers about two data breaches that occurred through their website on two different occasions. The plaintiffs alleged that the incident allowed hackers to “scrape[]” many of the defendants’ consumers’ names from the website by infecting the ecommerce platform with a “malicious code,” and stole the personally identifiable information of approximately 40,000 customers. According to the settlement, the deal will provide that class members can receive as much as $210 for out-of-pocket expenses such as card replacement fees, overdraft fees, interest, and up to $80 in costs for obtaining credit monitoring and identity theft protection, among other things. The district court also approved $2,500 payments to the lead plaintiffs as service awards.