Privacy & Cybersecurity
Lieff Cabraser’s Privacy & Cybersecurity practice group is a nationally and internationally recognized leader in safeguarding people’s privacy against the pervasive and often hidden ways digital technology intrudes into and affects our daily lives. Lieff Cabraser has a proven track record of successfully taking on the powerhouses of Big Data and social media, and making the online ecosystem safer and more just. The Privacy & Cybersecurity practice group’s honors include the National Law Journal’s 2019 Elite Trial Lawyers award for privacy and data breach litigation and Law360’s 2017 Data Privacy Practice Group of the Year.
Privacy Faces its Greatest Challenge in the Digital Age
Today, our work, commerce, finances, and communications and interactions with others occur largely online, facilitated by digital technology that tracks us everywhere, impacting our choices, behavior, and well-being. These constant intrusions into our lives, whether on purpose or by accident, allow unprecedented and nearly limitless opportunities for companies to share and profit from our personal and private information. While we appreciate the convenience that these technologies bring, we are just as concerned that unchecked, these technologies are using their incredible computing power and data aggregation abilities to threaten us with near constant surveillance and commercial and political manipulation.
Lieff Cabraser’s Privacy & Cybersecurity practice group is committed to holding the line against abuses caused by the awesome power of this technology, and to preserving our society’s time-honored values of privacy, self-determination, and independent thought that allows our democracy to flourish.
Lawyers Dedicated to Preserving Privacy
Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes.
Our attorneys have the experience and technical expertise necessary to successfully litigate a comprehensive range of privacy claims. We represent individuals in precedent-setting cases against powerful technology, social media, healthcare, and entertainment companies, as we aim to reaffirm and enforce the privacy protections that the law provides to secure the most sensitive personal information of citizens here and around the world.
Significant Digital Privacy Lawsuits
Lieff Cabraser serves as Class Counsel in a class action against Oracle Inc., one of the world’s largest data brokers. Plaintiffs allege that Oracle surveilled consumers online and offline, compiled their personal data into detailed profiles—including geolocation, finances, demographics, interests, and health—and then sold those profiles to third parties. Plaintiffs further allege that Oracle’s “coretag” tracking code, embedded on thousands of popular websites, unlawfully intercepts consumers’ communications. Consumers did not consent to Oracle’s conduct; many were unaware that the company existed. This case is thus unique in that Oracle’s surveillance centers on people with whom the company had no direct relationship.
On November 15, 2024, Chief Judge Richard Seeborg of the U.S. District Court for the Northern District of California granted final approval to a class action settlement requiring Oracle to pay $115 million into a non-reversionary settlement fund from which benefits to class members will be paid, and to implement changes to its business practices. On February 13, 2026, the Ninth Circuit affirmed the settlement’s final approval. More details about the case and settlement are available on the settlement website: https://www.katzprivacysettlement.com/.
Lieff Cabraser represents the plaintiffs in a class action lawsuit alleging that Meta Platforms, formerly known as Facebook, violated privacy laws by obtaining users’ protected personal information from the California Department of Motor Vehicles, including names, disability information, and e-mail addresses, as well as confidential communications.
Lieff Cabraser serves as a member of the Steering Committee in class action litigation against Marriott International Inc. and Accenture PLC for a 2018 data breach of Starwood Hotels affecting more than 100 million U.S. citizens. Plaintiffs allege that Marriott and Accenture failed to fulfill their legal duties to protect Marriott’s customers’ sensitive personal and financial information, causing class members’ personal information, including credit card and passport numbers, to be exfiltrated by cybercriminals. That case is ongoing before the District Court following a remand from the Fourth Circuit on Defendants’ 23(f) appeal.
Lieff Cabraser serves as Co-Lead Counsel on the Quest track in class action litigation against Quest Diagnostics Inc. and Optum360, LLC alleging that they shared, or facilitated the sharing of, customers’ personal identifying financial and health information with a third-party debt collector American Medical Collection Agency that was breached. Plaintiffs allege that Quest failed to fulfill its legal duty to protect customers’ sensitive personal, financial, and health information by sharing it with a third-party that lacked adequate data security. Plaintiffs’ motion for class certification in the Quest track is pending.
For several years, Lieff Cabraser litigated on behalf of internet users whose locations Google stored even though the relevant setting, which Google had explained would prevent the company from tracking their movements, had been disabled. The parties reached a $62 million settlement in 2023 that, in light of class size estimated at nearly 250 million individuals, provides funds for non-profit organizations aimed at promoting consumer internet privacy and thus furthering the interests of the class. The settlement also ensures changes to Google’s data collection and disclosure practices. The District Court granted final approval to the settlement in May 2024 and appointed Lieff Cabraser as Co-Lead Class Counsel. The sole group of objectors filed an appeal, which is now pending at the Ninth Circuit.
In June 2023, Lieff Cabraser and co-counsel filed a class action lawsuit in the Northern District of California against Laboratory Corporation of America for collecting and facilitating the collection of identifiable and sensitive health information from users of Labcorp’s website using invisible tracking technology, including Google Analytics and the Meta Pixel. In 2024, the Court denied Labcorp’s motion to dismiss. The parties have now reached an agreement in principle to settle all claims.
In July 2025, Lieff Cabraser filed suit in the Northern District of California against Meta concerning its covert scheme to impermissibly exploit a security vulnerability in Google’s Android operating system, which allowed Meta to tie together Android users’ real-world identities and their detailed web browsing activities without consent. Meta’s brazen plot violated a long-held industry security and privacy feature known as “sandboxing,” and caused industry shockwaves when internet security researchers publicly revealed the misconduct. In October 2025, the Court appointed Lieff Cabraser and four other law firms as Interim Class Counsel. Plaintiffs subsequently filed a consolidated complaint against Meta and Google and have fully briefed and argued Meta’s and Google’s motions to dismiss.
Lieff Cabraser represents plaintiffs challenging one of the world’s largest data brokers for unlawfully collecting, aggregating, and selling detailed personal information without consent. The case alleges LiveRamp assigns persistent “RampIDs” to create comprehensive identity profiles and sell highly detailed and sensitive data about the plaintiffs through its Data Marketplace, despite the plaintiffs having no direct relationship with the company. In July 2025, the Northern District of California denied LiveRamp’s motion to dismiss, allowing the case to proceed in full on claims including violations of the California Constitution, Electronic Communications Privacy Act, and California Invasion of Privacy Act.
Lieff Cabraser serves as court-appointed lead counsel in consolidated class action litigation against this major digital advertising platform. The case challenges The Trade Desk’s alleged pervasive surveillance practices, including tracking individuals’ online and offline activities to compile detailed dossiers containing sensitive health, political, financial, and location information. Plaintiffs allege the company’s “Unified ID 2.0” system and data broker partnerships enable creation and sale of “cradle-to-grave” profiles without consent, and the litigation seeks injunctive relief and damages for invasion of privacy.
Lieff Cabraser serves as a member of the Steering Committee in class action litigation against Snowflake Inc., and several of its customers, including AT&T, Inc., Ticketmaster, LLC, LendingTree, LLC, QuoteWizard.com, Neiman Marcus Group, LLC, and Advance Auto Parts, for a 2024 data breach affecting millions of Americans. Plaintiffs allege that Defendants failed to fulfill their legal duties to protect class members’ sensitive personal and financial information. In October 2025, the Court denied Snowflake and Ticketmaster’s motions to dismiss and QuoteWizard and LendingTree’s motion to compel arbitration, and discovery is ongoing. Pending or final settlements to date with Neiman Marcus, Advance Auto Parts, and AT&T total more than $40 million.
Lieff Cabraser serves on the Plaintiffs’ Steering Committee representing a proposed class of Health Care Providers in a class action MDL against Change Healthcare and United Health, which together operate insurance claims approval and payment infrastructure that is critical to the American healthcare system. Plaintiffs allege that in 2024, Change was subject to a foreseeable, preventable, ransomware attack that caused its systems to shut down for months, leaving healthcare providers unable to submit claims for reimbursement for healthcare services and causing many providers to shutter their businesses.
On December 19, 2025, Judge Donovan Frank of the U.S. District Court for the District of Minnesota denied a motion to dismiss providers’ claims in large part, allowing claims for breach of contract, public nuisance, negligence, and others to proceed to discovery, which is ongoing. More details about the case are available on the MDL website, https://www.mnd.uscourts.gov/content/change-healthcare-inc-data-breach.
Lieff Cabraser, with the ACLU of Northern California, represents the non-profit San Francisco Tenants Union and tenants in properties owned and operated by Equity Residential in litigation alleging that landlords’ mandatory use of “smart” locks and thermostats transmitting live data from tenants’ homes violates their privacy rights, and that requiring compliance through a residential lease is unlawful. The case was filed in 2025 in San Francisco Superior Court.
Successes
Lieff Cabraser and co-counsel have settled two class action lawsuits under Illinois’ Biometric Information Privacy Act (“BIPA”) alleging that the defendants illegally obtained truck drivers’ biometric information while they drove. This information was obtained without truck drivers’ written consent through dashboard cameras installed by their employers that were constantly scanning their facial features.
In Karling v. Samsara, Inc., Lieff Cabraser and co-counsel achieved a settlement valued at $7.5 million on behalf of drivers who were monitored using dash cameras sold by technology provider Samsara, Inc. Karling v. Samsara, No. 2025-LA-0000175 (Ill. Cir. Ct. Oct. 20, 2025).
In Timmons v. Lytx, Inc., the Southern District of Illinois approved a class action settlement consisting of a $4.25 million non-reversionary cash fund for the benefit of Settlement Class Members. See Lewis v. Lytx, Inc., No. 3:22-cv-00046 (S.D. Ill. July 25, 2025), Dkt. 139.
Lieff Cabraser served as Lead Counsel in a privacy class action on behalf of Android users concerning Google’s unlawful exposure of confidential medical information and personally identifying information through its digital contact tracing system designed by Google to slow or stop the spread of COVID-19 on Android mobile devices. Plaintiffs resolved the suit via a novel early resolution process with Plaintiffs’ consulting expert’s review of highly confidential information from Google, which generated significant injunctive relief to fix the fundamental error and legally binding representations and warranties by Google. On October 31, 2022, Judge Nathanael M. Cousins granted final approval to the settlement.
Lieff Cabraser served as Co-Lead Class Counsel in a class action lawsuit alleging that Plaid Inc., a financial technology company, invaded consumers’ privacy in their financial affairs. Plaid provides third-party bank account authentication services for several well-known payment apps, such as Venmo, Coinbase, Square’s Cash App, and Stripe. Plaintiffs alleged that Plaid used login screens that misleadingly looked like those of real banks to obtain consumers’ banking account credentials, and that it subsequently used consumers’ credentials to access their bank accounts and improperly take their banking data. Plaintiffs’ lawsuit asserted claims under state and federal privacy laws and charged that Plaid’s intrusions violated established social norms and exposed consumers to additional privacy risks.
In July 2022, Judge Donna M. Ryu of the U.S. District Court for the Northern District of California granted final approval to a class action settlement that requires Plaid to pay $58 million into a settlement fund from which benefits to settlement class members will be paid. Judge Ryu also praised “the robust injunctive relief provided by the settlement,” which requires Plaid to delete certain user data, disclose more information on the data it collects and stores, and maintain the Plaid Portal website, with which users can view and manage the financial accounts and apps connected by Plaid.
Lieff Cabraser filed suit with co-counsel, including the Attorney General of the State of New Mexico, in a federal case on behalf of children and their parents in New Mexico for violating the Children’s Online Privacy Protection Act (“COPPA”) and consistent state law. The lawsuit alleged that child-app developer Tiny Lab Productions and Google, whose AdMob advertising software is embedded in the Tiny Lab mobile games, surreptitiously and illegally harvested children’s personal information for profiling and targeting them for commercial gain, without adequate disclosures and verified parental consent. Specifically, the State alleged that Google and Tiny Lab collected and used personal data that included, among other things, geolocation and persistent identifiers to serve children targeted advertisements or otherwise commercially exploit them. The apps at issue were clearly and indisputably designed for children, including names like “Fun Kid Racing” and “Candy Land Racing.” After surviving a motion to dismiss in 2020 and a motion for reconsideration of the same in 2021, the State settled with Google in December 2021, agreeing to significant changes to the Google Play Store and the treatment of child-directed games by Google AdMob.
In three related class actions, Lieff Cabraser, with co-counsel, represented parents whose children’s right to privacy was violated when their personal data was surreptitiously transmitted while playing child-directed mobile gaming apps. Specifically, Plaintiffs alleged that gaming app developers and their mobile advertising partners (developers of so-called “software development kits” or “SDKs”) collected personally identifying data (e.g., device identifiers and location data) through six apps (Subway Surfers, Where’s My Water? (Paid), Where’s My Water (Free/Lite), Where’s My Water? 2, Princess Palace Pets, and Llama Spit Spit), and used that data to monetize their apps through targeted behavioral advertising—without the knowledge of child users or their parents. In May 2019, U.S. District Judge James Donato issued an order largely denying the defendants’ motions to dismiss. Plaintiffs then pursued their claims (i) for intrusion upon seclusion and a violation of the constitutional right to privacy under California law, (ii) under the California Unfair Competition Law, (iii) under the Massachusetts statutory right to privacy, and (iv) under New York General Business Law Section 349.
In April 2021, Judge Donato granted final approval to 16 settlements, which provided stringent and wide-ranging privacy protections and meaningful changes to defendants’ business practices, ensuring participants in the largely unpoliced mobile advertising industry proactively protect children’s privacy in thousands of apps popular with children. Under the settlements, which The New York Times stated “could reshape the entire children’s app market,” Disney, Viacom, and others as well as their advertising technology partners must stop tracking children across apps and the internet for targeted advertising purposes.
As in the child privacy cases described immediately above, Lieff Cabraser filed suit against and settled an action with Idaho technology company Kochava, Inc., whose software code was embedded in Disney apps directed to children. In March 2022, U.S. District Judge B. Lynn Winmill granted final approval to a settlement modeled after the N.D. Cal. settlements, requiring Kochava to reform its business practices as to thousands of child-directed apps in which Kochava’s embedded software code transmits and monetizes personal data.
Lieff Cabraser served as Class Counsel representing individuals whose right to privacy was violated when Google intentionally equipped its Google Maps “Street View” vehicles with Wi-Fi antennas and software that collected data transmitted by those persons’ Wi-Fi networks located in their nearby homes. Google collected not only basic identifying information about individuals’ Wi-Fi networks, but also personal, private data being transmitted over their Wi-Fi networks such as emails, usernames, passwords, videos, and documents. Plaintiffs alleged that Google’s actions violated the federal Wiretap Act, as amended by the Electronic Communications Privacy Act. On September 10, 2013, the Ninth Circuit Court of Appeals held that Google’s actions are not exempt from the Act.
On March 20, 2020, U.S. District Judge Charles R. Breyer granted final approval to a $13 million settlement over Google’s illegal gathering of network data via its Street View vehicle fleet. Given the difficulties of assessing precise individual harms, the innovative settlement, which is intended in part to disincentivize companies like Google from future privacy violations, will distribute its monies to eight nonprofit organizations with a history of addressing online consumer privacy issues. The order approving the settlement was upheld on appeal.
Lieff Cabraser served on the Plaintiffs’ Steering Committee representing individuals in a class action lawsuit against Anthem for its alleged failure to safeguard and secure the medical records and other personally identifiable information of its members. Anthem’s customer database was allegedly attacked by international hackers on December 10, 2014. The theft included names, birth dates, social security numbers, billing information, and highly confidential health information. The complaint charged that Anthem violated its duty to safeguard and protect consumers’ personal information, and violated its duty to disclose the breach to consumers in a timely manner. In addition, the complaint charged that Anthem was on notice about the weaknesses in its computer security defenses for at least a year before the breach occurred.
On August 16, 2018, the United States District Court for the Northern District of California granted final approval to a class action settlement in the Anthem Data Breach Litigation, which required Anthem to undertake significant additional cybersecurity measures to better safeguard information going forward, and to pay $115 million into a settlement fund. The settlement benefits included providing class members a minimum of two years of free credit monitoring, or a cash payment of $50 in lieu of credit monitoring for class members who already have such protection, and compensation up to $10,000 per class member for documented out-of-pocket losses attributable to the data breach. The settlement became effective on October 25, 2018.
Lieff Cabraser served as Co-Lead Class Counsel representing consumers in a digital privacy class action against Google Inc. over claims the popular Gmail service conducted unauthorized scanning of email messages to build marketing profiles and serve targeted ads. The complaint alleged that Google routinely scanned email messages that were sent by non-Gmail users to Gmail subscribers, analyzed the content of those messages, and then shared that data with third parties in order to target ads to Gmail users, an invasion of privacy that violated the California Invasion of Privacy Act and the federal Electronic Communications Privacy Act. In February 2018, Judge Lucy H. Koh of the U.S. District Court for the Northern District of California granted final approval to a class action settlement. Under the settlement, Google made business-related changes to its Gmail service, as part of which, Google will no longer scan the contents of emails sent to Gmail accounts for advertising purposes, whether during the transmission process or after the emails have been delivered to the Gmail user’s inbox.
In Campbell v. Facebook, Lieff Cabraser represented plaintiffs in litigation against Facebook for allegedly scanning and intercepting private messages on its social network platform. Filed in December 2013, the case alleged that Facebook intercepted the content of Facebook messages, without consent, in violation of the federal Electronic Communications Privacy Act and the California Invasion of Privacy Act. After intense litigation which included discovery of Facebook’s relevant source code, the parties settled the case. As part of the injunctive-relief-only settlement, Facebook confirmed that the challenged conduct had ceased–namely, Facebook confirms that it no longer utilizes data from URLs within private messages to (1) generate recommendations to its users; (2) share user data with third parties; or (3) increase “like” counter numbers on third party websites. The settlement was approved by the District Court in 2017 and affirmed by the Ninth Circuit in 2020.
Lieff Cabraser represented consumers who subscribed to LifeLock’s identity theft protection services in a nationwide class action fraud lawsuit. The complaint alleged LifeLock did not protect the personal information of its subscribers from hackers and criminals, and specifically that, contrary to its advertisements and statements, LifeLock lacked a comprehensive monitoring network, failed to provide “up-to-the-minute” alerts of suspicious activity, and did an inferior job of providing the same theft protection services that banks and credit card companies provide, often for free. On September 21, 2016, U.S. District Judge Haywood Gilliam, Jr. granted final approval to a $68 million settlement of the case.
Lieff Cabraser represented a plaintiff in Multi-District Litigation against Samsung, LG, Motorola, HTC, and Carrier IQ alleging that smartphone manufacturers violated privacy laws by installing tracking software, called IQ Agent, on millions of cell phones and other mobile devices that use the Android operating system. Without notifying users or obtaining consent, IQ Agent tracks users’ keystrokes, passwords, apps, text messages, photos, videos, and other personal information and transmits this data to cellular carriers. In a 96-page order issued in January 2015, U.S. District Court Judge Edward Chen granted in part, and denied in part, defendants’ motion to dismiss. Importantly, the Court permitted the core Wiretap Act claim to proceed as well as the claims for violations of the Magnuson-Moss Warranty Act and the California Unfair Competition Law and breach of the common law duty of implied warranty. In 2016, the Court granted final approval of a $9 million settlement plus injunctive relief provisions.
Lieff Cabraser represented individuals who joined LinkedIn’s network and, without their consent or authorization, had their names and likenesses used by LinkedIn to endorse LinkedIn’s services and send repeated emails to their contacts asking that they join LinkedIn. On February 16, 2016, the Court granted final approval to a $13 million settlement, which at that time was one of the largest per-class member settlements ever in a digital privacy class action. In addition to the monetary relief, LinkedIn agreed to make significant changes to Add Connections disclosures and functionality. Specifically, LinkedIn revised disclosures to real-time permission screens presented to members using Add Connections, agreed to implement new functionality allowing LinkedIn members to manage their contacts, including viewing and deleting contacts and sending invitations, and to stop reminder emails from being sent if users have sent connection invitations inadvertently.
Lieff Cabraser served as Plaintiffs’ Co-Lead Counsel in class action litigation against Sony for failing to take reasonable measures to secure the data of its employees from hacking and other attacks. As a result, personally identifiable information of thousands of current and former Sony employees and their families was obtained and published on websites across the Internet. Among the staggering array of personally identifiable information compromised were medical records, Social Security Numbers, birth dates, personal emails, home addresses, salaries, tax information, employee evaluations, disciplinary actions, criminal background checks, severance packages, and family medical histories. The complaint charged that Sony owed a duty to take reasonable steps to secure the data of its employees from hacking. Sony allegedly breached this duty by failing to properly invest in adequate IT security, despite having already succumbed to one of the largest data breaches in history only three years ago. In October 2015, an $8 million settlement was reached under which Sony agreed to reimburse employees for losses and harm.
Lieff Cabraser represented identity theft victims in a nationwide class action lawsuit against Intuit for allegedly failing to protect consumers’ data from foreseeable and preventable breaches, and by facilitating the filing of fraudulent tax returns through its TurboTax software program. The complaint alleged that Intuit failed to protect data provided by consumers who purchased TurboTax, used to file an estimated 30 million tax returns for American taxpayers every year, from easy access by hackers and other cybercriminals. The complaint further alleged that Intuit was aware of the widespread use of TurboTax exclusively for the filing of fraudulent tax returns. Yet, Intuit failed to adopt basic cyber security policies to prevent this misuse of TurboTax. As a result, fraudulent tax returns were filed in the names of the plaintiffs and thousands of other individuals across America, including persons who never purchased TurboTax. In May 2019, Judge Edward J. Davila of the U.S. District Court for the Northern District of California granted final approval to a settlement that provided all class members who filed a valid claim with free credit monitoring and identity restoration services, and required Intuit to commit to security changes for preventing future misuse of the TurboTax platform.
Lieff Cabraser served as Co-Lead Counsel in class action litigation against Somnia, Inc., an anesthesiology services provider and practice management company that manages numerous anesthesiology providers and individual anesthesiology providers, over a 2022 data breach that impacted the personally identifiable information and private health information of almost half a million patients. The Southern District of New York granted final approval in April 2025 of a settlement valued at $3.175 million.
“We are now into a whole unexplored, but sensitive, area dealing with privacy in the cyberworld . . . . [T]his is an area that will foment practices, litigation, jurisprudence, and I think it’s worthwhile.”
–U.S. District Judge, September 2019, approving preliminary settlement in Lieff Cabraser’s Google Street View Litigation
“Current privacy expectations are developing, to say the least, with respect to a key issue raised in these cases–whether the data subject owns and controls his or her personal information…”
–U.S. District Judge, May 2019, denying motion to dismiss in Lieff Cabraser’s Child Online Privacy Litigation
“Your location, your messages, your heart rate after a run. These are private things. Personal things. And they should belong to you. Simple as that.”
–Technology Company, October 2019 Advertisement