Source: DataPrivacyJustice.com — Open Class Actions. Attorney Advertising for New York-licensed attorney Adam Harris, 60 Broad Street, 29th Floor, New York, NY 10004. This table is provided for informational purposes only.
Source: DataPrivacyJustice.com — Open Class Actions. Attorney Advertising for New York-licensed attorney Adam Harris, 60 Broad Street, 29th Floor, New York, NY 10004. This table is provided for informational purposes only.
Adam Harris Data Breach Attorney
DataPrivacyJustice.com is the legitimate advertising platform of a New York attorney, Adam Harris, who pursues data breach class action cases on behalf of consumers. If you received a breach notification and are looking at this site, it’s one of several options available to you — but it is a legal intake pipeline, not a neutral consumer resource. Fill out the form with that in mind, understand that you’re entering a business relationship (one that, if your case is accepted, won’t cost you money upfront), and know your rights before you hand over more of your personal information. For organizations on the other side of the equation, it’s a clear reminder that your breach notification is someone else’s case intake document. If you’ve been searching around after receiving a data breach notification letter, there’s a decent chance you’ve ended up on DataPrivacyJustice.com who has been running ads on Instagram to attract plaintiffs to go after data breach violators which relates back to data privacy and making sure you have a strong posture. Speaking of which if you are not SOC2 ready you can get a 25% discount via our partnership with Drata. This is not to say the site is doing anything illegal. It’s not. But when you’re a data breach victim who’s already worried about your personal information floating around on the dark web, the last thing you want is to accidentally sign up for something you don’t fully understand. So let’s break down exactly what this site is, who runs it, and what you’re actually agreeing to as it is a legitimate website and ads running on the opposition.
The Warning: Read Before You Click “Submit”
DataPrivacyJustice.com is set up to look like an informational resource — and it does provide some genuinely useful context about data breaches and class action lawsuits. But the site exists primarily for one purpose: to generate leads for a law practice. Every page on the site ultimately routes you to a contact form or a phone number. The calls to action say things like “Join a Class Action Now” and “Protect Your Rights Today.” The tone is urgent, and intentionally so. Before you submit your name, phone number, email, and details about your situation, you should know a few things. Submitting a form on this site does not create an attorney-client relationship. The site says so itself in its footer and contact page — no attorney-client relationship is created unless and until your case is formally accepted. You may be added to a marketing list (the contact form includes a checkbox for agreeing to receive “other communications from Data Privacy Justice”). And depending on the breach you’re inquiring about, you may be one of hundreds of thousands of people submitting similar forms. None of this is nefarious on its face. Class action litigation is a legitimate and important legal mechanism. But you should walk in with clear eyes.So What Exactly Is DataPrivacyJustice.com?
DataPrivacyJustice.com is an attorney advertising website operated by Adam Harris, a New York-licensed attorney whose principal office is located at 60 Broad Street, 29th Floor, New York, NY 10004 — the heart of Manhattan’s Financial District. The site’s own footer makes this explicit: “Attorney Advertising for New York-licensed attorney Adam Harris.” The site functions as a data breach class action intake platform. Its core model is straightforward: when a significant data breach becomes public, the site publishes a dedicated investigation page for that breach, describes the scope of what may have been compromised, explains potential legal rights, and invites affected individuals to come forward by contacting the firm. Current active investigations listed on the site include breaches involving One Medical (1Life Healthcare), AssuranceAmerica Managing General Agency, and Edgewood Surgical Hospital — all disclosed in 2026. These are real breaches affecting real people, and the legal claims being pursued are grounded in genuine consumer protection and privacy law.How the Model Works
When you submit your information through DataPrivacyJustice.com, you are expressing interest in potentially joining a class action lawsuit as a plaintiff or class member. Here’s what that typically means in practice. A class action is a lawsuit where one person — or a small group — sues on behalf of a larger population of people who were all harmed in a similar way. If successful, the resulting settlement or verdict delivers compensation to the entire class. You don’t need to actively litigate the case; the attorneys do that work. You also don’t pay legal fees out of pocket — the attorneys are compensated from any recovery they obtain, typically as a percentage of the settlement. This is a contingency fee model, and it’s standard in consumer class action work. The site is transparent about this, stating that “there should never be any cost to you to bring a class action.” The trade-off is that individual recoveries in data breach class actions are often modest — sometimes a few hundred dollars or less — while attorney fees can be substantial. That said, the broader function of class action litigation in data privacy cases is to create accountability. When companies face financial consequences for failing to protect consumer data, it changes corporate behavior in ways that benefit everyone.What the Site Does Well
To be fair, DataPrivacyJustice.com does several things genuinely well from a consumer education standpoint. Its FAQ section covers the basics of class action litigation clearly and accessibly — explaining what a data breach is, what a class member is, what a settlement looks like, and how long these cases typically take to resolve. If you’ve never been involved in a class action and don’t know where to start, this kind of plain-language guidance has real value. The site also tracks active breach investigations and publishes them relatively quickly after public disclosure. For breach victims who may not know their legal options exist or how to pursue them, that visibility matters.What to Keep in Mind from a Compliance Perspective
For the compliance and privacy professionals reading this blog, there’s a broader takeaway embedded in how sites like DataPrivacyJustice.com operate: data breaches have legal and reputational consequences that outlast the breach itself. The moment a company discloses a breach, the litigation clock starts. Plaintiff attorneys are monitoring breach notifications filed with state attorneys general and with regulators like HHS (for HIPAA-covered entities). A breach affecting 600,000 people, or even a “limited number” of patients, can generate a class action investigation within days of disclosure. The best compliance posture is the one that makes sites like DataPrivacyJustice.com irrelevant to your organization: rigorous data minimization, strong access controls, regular security assessments, and a tested incident response plan. Prevention is always cheaper than litigation. The table below outlines all open class action data breach investigations currently listed on DataPrivacyJustice.com — the attorney advertising platform of New York-licensed attorney Adam Harris. The firm actively runs Instagram ads targeting potential plaintiffs for each of these cases. If you received a breach notification from any of the companies below, you may be eligible to join a class action.| Company | Breach Date | Individuals Affected | Details |
|---|---|---|---|
| One Medical (1Life Healthcare) | ~June 13, 2026 | Not yet disclosed | Unauthorized access to a third-party file storage system used to retain archived records of One Medical Seniors and the legacy Iora Health practice. Threat actor group ShinyHunters has also publicly claimed responsibility. |
| AssuranceAmerica Managing General Agency | ~March 16, 2026 | 611,046+ | Data breach compromised personally identifiable information of over 611,000 individuals. |
| Edgewood Surgical Hospital | ~June 3, 2026 | Tens of thousands | Data breach compromised protected health information and personally identifiable information of tens of thousands of individuals. |
| Allianz Life Insurance Company of North America | ~July 2025 | Majority of 1.4 million customers + others | Data breach compromised the personally identifiable information of the majority of Allianz’s 1.4 million customers, as well as numerous other individuals. |
| Connex Credit Union | ~June 2025 | 172,000 | Data breach compromised personally identifiable information of 172,000 individuals. |
| Esse Health | ~April 2025 | 263,000+ | Data breach compromised personally identifiable information of over 263,000 individuals. |
| Business Council of New York State | ~February 2025 | 47,000+ | Data breach compromised personally identifiable information of over 47,000 individuals. |
| Fundamental Administrative Services | October 2024 – January 2025 | Several thousand | Data breach compromised personally identifiable information of several thousand individuals. |
| Highlands Oncology | ~January 2025 | 113,000+ | Data breach compromised personally identifiable information of over 113,000 individuals. |
| CPAP Medical Supplies & Services | ~December 2024 | 90,000+ | Data breach compromised personally identifiable information of over 90,000 individuals. |
| Ahold Delhaize | ~November 2024 | 2.2 million+ | Data breach compromised personally identifiable information of over 2.2 million individuals. |
| Krispy Kreme | ~November 2024 | 161,000+ | Data breach compromised personally identifiable information of at least 161,000 individuals. |
| Century Support Services | ~September 2024 | 160,000+ | Data breach compromised personally identifiable information of over 160,000 individuals. |
| The Alcohol & Drug Testing Service | ~July 2024 | ~750,000 | Data breach compromised personally identifiable information of nearly 750,000 individuals. |
| Gryphon Healthcare | ~July 2024 | 393,000+ | Data breach compromised personally identifiable information of over 393,000 individuals. |
| McLaren Health Care | ~July 2024 | 743,000+ | Data breach compromised personally identifiable information of at least 743,000 individuals. |
| Coinbase | ~December 2024 | 69,000+ | Data breach compromised personally identifiable information of at least 69,000 individuals, if not more. |
| Commonwealth Business Bank | ~January–February 2025 | Several thousand | Data breach compromised personally identifiable information of several thousand individuals. |
| Manpower of Lansing | ~December 2024 | 144,000+ | Data breach compromised personally identifiable information of over 144,000 individuals. |
| Young Consulting (Blue Shield of California) | ~April 2024 | 954,000+ | Young Consulting provides risk management services to Blue Shield of California. Data breach compromised personally identifiable information of over 954,000 individuals. |
| Set Forth / Centrex Software | ~May 2024 | 1.5 million+ | Data breach compromised personally identifiable information of over 1.5 million individuals. |
| Kootenai Health | ~February 2024 (discovered ~August 2024) | 464,000+ | Data breach compromised personally identifiable information of over 464,000 individuals. |
| Slim CD | ~August 2023 (discovered ~June 2024) | ~1.7 million | Data breach compromised personally identifiable information of nearly 1.7 million individuals. |
| Fidelity Investments | ~August 2024 | 77,000+ | Data breach compromised personally identifiable information of over 77,000 individuals. |
| Mainline Health | ~April 2024 | 101,000+ | Data breach compromised personally identifiable information of over 101,000 individuals. |
| Avis Rent A Car | ~August 2024 | ~300,000 | Data breach compromised personally identifiable information of nearly 300,000 individuals. |
| East Valley Institute of Technology (EVIT) | ~January 2024 | ~209,000 | Data breach compromised personally identifiable information of nearly 209,000 individuals. |
| Access Sports Medicine & Orthopedics | ~May 2024 | 88,000+ | Data breach compromised personally identifiable information of over 88,000 individuals. |
| Financial Business and Consumer Solutions (FBCS) | ~February 2024 | Not specified | Data breach reported; full details not publicly disclosed on the site. |
| Tri-City Healthcare District | ~November 2023 | 108,000+ | Data breach compromised personally identifiable information of over 108,000 individuals. |
| Kemper Sports Management | ~April 2024 | ~63,000 | Data breach compromised personally identifiable information of nearly 63,000 individuals. |
| Trionfo Solutions | ~December 2023 (discovered ~January 2024) | 76,000+ | Data breach compromised personally identifiable information of over 76,000 individuals. |
| Carespring Health Care Management | ~October 2023 | 76,000+ | Data breach compromised personally identifiable information of over 76,000 individuals. |
| HealthEquity / Further Operations | Not specified | Not specified | HealthEquity and its subsidiary Further Operations reported a data breach; full details not publicly disclosed on the site. |
| Designed Receivable Solutions / OptumCare | Not specified | Not specified | Designed Receivable Solutions, on behalf of certain OptumCare Management clinics, reported a data breach; full details not publicly disclosed on the site. |
| South Suburban College | ~November 2023 | Not specified | Data breach reported; full details not publicly disclosed on the site. |
| First Commonwealth Federal Credit Union | Not specified | Not specified | Data breach reported; full details not publicly disclosed on the site. |
| Peco Foods | ~December 2023 | Not specified | Data breach reported; full details not publicly disclosed on the site. |
| MarineMax | ~March 2024 | Not specified | Data breach reported; full details not publicly disclosed on the site. |
| CCM Health | ~April 2023 | Not specified | Data breach reported; full details not publicly disclosed on the site. |
