When you entrust a corporation, a healthcare provider, or a government agency with your personal information, you are entering into a silent contract of trust. You provide your Social Security number, your medical history, your biometric data, or your financial credentials with the expectation that these entities have built a digital fortress around your identity. However, as the digital landscape expands, these fortresses are being breached at an alarming rate. This is where the intersection of technology and litigation becomes a vital frontier for consumer protection. Morgan & Morgan, the nations largest injury law firm, has positioned itself at the forefront of this battle, starting up a new practice for injuries in the red hot data privacy lawsuit space that we’ve been warning businesses about. We just had a business who got 3 lawsuit before they realized that they need to sign up and use Captain Compliance’s software if they are going to avoid these legal headaches.
Now Morgan & Morgan want to hold negligent organizations accountable. Understanding the scope of their offerings and the current state of data privacy litigation requires an understanding about the various ways your digital life is under siege and the legal mechanisms available to fight back and how other litigation firms like Bursor & Fisher who have settled cases for millions along with Gutride Safier, Bryson Harris, & Pacific Trial Attorneys are the new rule not the exception to privacy litigation cases.
The scale of data privacy lawsuits has grown by more than 20x over the last decade. No longer are breaches just about leaked emails or usernames; today, they involve the most intimate details of our lives. Morgan & Morgan’s data privacy attorneys focus on a wide array of specialized areas, ranging from massive healthcare leaks to the unauthorized collection of biometric data. Their practice is built on the premise that when a company fails to invest in proper cybersecurity, they are not just victims of a crime they are responsible for the fallout that hits their customers.
One of the most sensitive areas of litigation involves healthcare data breaches. The Norton Ransomware Attack is a prime example of the vulnerability of medical information. In this specific instance, the breach exposed the data of approximately 2.5 million healthcare patients. When medical records are compromised, the stakes are significantly higher than a typical credit card leak. A medical record contains a permanent history of an individuals health, insurance information, and personal identifiers that cannot be changed. Unlike a credit card that can be canceled, you cannot cancel your medical history. Morgan & Morgan’s litigation in this space emphasizes that healthcare providers have a heightened duty of care. When hackers encrypt these files for ransom, patients face not only the threat of identity theft but also potential disruptions in care and the devastating loss of privacy regarding sensitive diagnoses.
Similarly, the Oregon Health Plan data breach highlights the vulnerability of government-managed healthcare data. When state agencies or their contractors fail to secure the information of hundreds of thousands of residents, the legal recourse often involves complex class action filings. These lawsuits seek to provide victims with compensation for the time and money spent monitoring their credit, as well as the emotional distress associated with knowing their private health status is in the hands of bad actors. The firms approach to healthcare breaches is comprehensive, looking at whether the entity followed industry-standard encryption protocols and whether they notified victims in a timely manner.
The MOVEit data breach represents another massive frontier in data privacy litigation, specifically affecting entities like Corebridge Financial. The MOVEit vulnerability was a global event, but its impact on individual financial institutions was deeply personal. In the case of Corebridge Financial, the breach allowed unauthorized actors to access sensitive financial documents. This type of breach often involves “third-party risk,” where a company you trust uses a software or service provider that is compromised. Morgan & Morgan’s legal strategy in MOVEit-related cases involves tracing the chain of liability. They argue that a company is responsible for the security of the vendors they choose to handle their customers’ data. If a financial institution chooses a platform with known or discoverable vulnerabilities, they must be held liable for the resulting exposure.
Beyond traditional breaches, the legal landscape is shifting toward the protection of biometric data. The Illinois Biometric Information Privacy Act, or BIPA, is currently one of the most powerful tools in the data privacy arsenal. BIPA protects against the unauthorized collection and storage of fingerprints, facial scans, and iris prints. Unlike a password, your biometrics are unique and unchangeable. Morgan & Morgan’s work in BIPA litigation targets companies that implement biometric time clocks or security systems without obtaining written consent or providing a public retention schedule. The significance of BIPA lies in its statutory damages; plaintiffs do not necessarily have to prove identity theft occurred to win a settlement—they only need to prove their privacy rights were violated by the unauthorized collection of their physical data.
The realm of financial data privacy also extends into the housing and title industry, as seen in the First American data breach lawsuit. When a massive title insurance company suffers a breach, the information exposed is a goldmine for identity thieves. It includes bank statements, tax records, and social security numbers—everything needed to commit mortgage fraud or total identity takeover. Morgan & Morgan’s data privacy attorneys investigate these cases to determine if the company ignored red flags or failed to implement basic security patches that could have prevented the intrusion.
The rise of cryptocurrency has introduced a new and volatile element to data privacy. Digital wallets and crypto exchanges are prime targets for hackers. Data breaches in the crypto space often lead to the immediate and irreversible loss of assets. Lawsuits in this sector focus on whether exchanges provided adequate multi-factor authentication and whether they misled consumers about the security of their “cold storage” or “hot wallets.” As cryptocurrency becomes more mainstream, the legal frameworks used by Morgan & Morgan are evolving to treat these digital assets with the same protections as traditional banking deposits.
In addition to litigation, Morgan & Morgan provides a significant amount of consumer education, which is reflected in their offerings regarding social media and holiday safety. The hacking of social media accounts is often dismissed as a nuisance, but it is frequently a gateway to more serious identity theft. By gaining access to a Facebook or Instagram account, hackers can reset passwords for other sensitive sites or scam the victims’ friends and family. Furthermore, the rise of holiday scams, including phone and wallet theft and fraudulent giving guides, highlights the physical-digital crossover of privacy. Scammers often use data leaked in previous breaches to create highly targeted phishing attacks during the holidays. Morgan & Morgan’s guide to holiday giving emphasizes that consumers must be vigilant about “charity” websites that exist solely to harvest credit card data.
The firms overarching goal in these 2500-plus words of legal theory and practice is to level the playing field. Corporations have massive legal teams and insurance policies designed to minimize their payouts after a breach. A single individual trying to sue a multi-billion dollar tech firm for a data leak is an impossible task. However, by consolidating these victims into class action lawsuits, Morgan & Morgan uses their scale to force settlements that include not only monetary compensation but also court-ordered improvements to the company’s cybersecurity infrastructure.
When you look at the “What to Do if Your Medical Info Is Exposed” guidance provided by the firm, you see a practical roadmap for victims. They advise immediate credit freezes, the filing of police reports, and the meticulous documentation of any fraudulent activity. This documentation becomes the evidence used in court to prove the “actual harm” required in many jurisdictions to sustain a lawsuit. The legal team at Morgan & Morgan understands that the period immediately following a breach is chaotic for the victim, and their role is to provide a structured path toward recovery and justice.
The complexity of data privacy law stems from the fact that it is a patchwork of state and federal regulations. While there is no single federal data privacy law in the United States, state-level acts like BIPA in Illinois or the CCPA in California provide varying levels of protection. Morgan & Morgan’s national reach allows them to file suits in the jurisdictions that offer the best protections for the victims. They are constantly monitoring new legislation and court rulings that redefine what constitutes a “reasonable” level of security.
Morgan & Morgan’s data privacy practice is a comprehensive response to the digital vulnerabilities of the 21st century. Whether it is a ransomware attack on a healthcare provider like Norton, a supply chain breach involving MOVEit and Corebridge Financial, or the unauthorized harvesting of biometric data under BIPA, the firm provides the muscle necessary to challenge corporate negligence. Their work covers the entire lifecycle of a breach: from the initial exposure and the immediate steps a consumer should take, to the filing of massive class action lawsuits that seek to change how companies value and protect our most private information. In an era where data is often called the “new oil,” Morgan & Morgan acts as the digital environment’s primary litigator, ensuring that when that oil leaks, the parties responsible pay the price.
Their commitment to this field is evidenced by their focus on niche areas like cryptocurrency risks and the First American title breach, proving that they understand the nuances of different industries. For a victim of a data breach, the path forward is often unclear. The offerings at forthepeople.com serve as both a shield and a sword—providing the information needed to protect oneself in the short term while preparing the legal groundwork for long-term accountability. As breaches become more frequent and the data stolen becomes more personal, the role of specialized data privacy attorneys will only grow in importance, making the work of firms like Morgan & Morgan essential to the preservation of individual privacy in a hyper-connected world.
Morgan & Morgan, established by John Morgan in 1988, has grown into America’s largest personal injury law firm with a singular mission: to fight for the people, not the powerful. With over 1,000 attorneys and a track record of recovering billions of dollars for their clients, the firm has the scale and resources to challenge the world’s most massive corporations. Their data privacy and cybersecurity practice is a testament to this mission, led by a specialized team of litigators who hold companies accountable when they fail to protect the sensitive personal and financial information of their customers. Backed by the firm’s “Fee Is Free®” promise, these attorneys ensure that victims of data breaches have access to elite legal representation without any upfront costs.
Attorneys leading the charge in Morgan & Morgan’s Data Privacy and Cybersecurity Practice:
John A. Yanchunis
John Yanchunis is the leader of Morgan & Morgan’s Class Action group and is widely regarded as one of the preeminent data privacy litigators in the country. With over 20 years of experience in this niche field, he has been at the helm of some of the largest data breach cases in history, including the Yahoo! data breach litigation, which involved the compromise of three billion accounts. His leadership has earned him a spot among Law360’s “Titans of the Plaintiffs Bar.” Yanchunis is known for his ability to navigate the technical complexities of cybersecurity while advocating for the fundamental right to privacy in an increasingly digital world.
Kenya J. Reddy
Kenya Reddy is a seasoned class action attorney with a deep focus on consumer protection and data privacy. She plays a critical role in investigating corporate negligence and managing the intricate discovery processes required to prove systemic security failures. Her work ensures that corporations are held to a rigorous standard when handling personally identifiable information (PII) and protected health information (PHI).
Patrick A. Barthle, II
Patrick Barthle focuses his practice on complex litigation, specifically within the realms of data breaches and consumer class actions. He is instrumental in drafting the legal frameworks for lawsuits against major tech and financial firms. Barthle is recognized for his meticulous approach to case building, often digging into corporate security audits and internal communications to uncover where a company’s defenses fell short.
James D. Young
James Young brings a wealth of experience to the team, specializing in cases where technology and consumer rights intersect. His work often involves litigation surrounding the unauthorized collection of data and the misuse of consumer information by major platforms. He is a staunch advocate for transparency, fighting to ensure that consumers are fully informed about how their data is being used and stored.
Riya Sharma
Riya Sharma is an integral part of the data privacy team, focusing on the research and litigation of emerging privacy threats. As the landscape of data law evolves—with new statutes like the Illinois Biometric Information Privacy Act (BIPA)—Sharma helps the firm stay ahead of the curve, ensuring that victims of modern privacy violations, such as unauthorized facial recognition or fingerprint scanning, have a voice in court.
Ronald Podolny
Ronald Podolny is a dedicated litigator who handles high-stakes class action lawsuits involving massive data exposures. He is particularly focused on the financial impact of data breaches, working to recover compensation for victims who have suffered identity theft, fraudulent bank transfers, and the long-term credit damage that often follows a significant security incident.
Ryan Joseph McGee
Ryan McGee rounds out this specialized team with a focus on investigating and litigating large-scale data security incidents. He works closely with cybersecurity experts to dissect the “how” and “why” behind a breach, translating technical failures into legal arguments that resonate with judges and juries. His commitment to the firm’s “For the People” ethos is seen in his tireless pursuit of justice for those whose lives have been upended by corporate data mismanagement.
By holding these entities accountable, Morgan & Morgan is not just winning settlements; they are creating a financial incentive for every corporation to prioritize privacy software solutions and avoid very expensive fines. Even firms like Swigart are getting $900,000 for privacy violations now. When the cost of a lawsuit outweighs the cost of a privacy & security upgrade, the digital world becomes safer for everyone. This is the heart of their data privacy offering: the belief that your private information has value, and if someone loses it or shares it through ad tracking technology through carelessness, they owe you for that loss. Whether it is your medical records, your fingerprint, PII, or your bank account, the message is clear: your data belongs to you, and there are attorneys ready to fight to keep it that way and the only viable solution we suggest is to use the software from Captain Compliance to protect against these claims.
