top of page


Don't Ignore That Data Breach Notice!


In our ultra-connected digital world, every part of our day generates data. Where we work, the groceries we buy, our doctor’s visits, even many of our home appliances create an ever-growing cache of personal information that collected, stored, and analyzed on a continuous basis. Unfortunately, that personal information is also regularly shared, sold, hacked, or stolen without consumer knowledge or consent.

Stolen data can be used to commit identity theft, take out credit in your name, rack up fraudulent charges on stolen credit cards, clean out bank accounts, and even file fraudulent tax returns. 

Every U.S. state has at least one law that requires data breach victims receive “notice” if their personal information (“PI”) has been accessed and stolen, viewed, or otherwise disclosed without authorization.[1] However, we have noticed a disturbing trend to provide less and less concrete information in data breach notices, which often simply say something like, “There has been an ‘incident’ and your personal information ‘may’ have been accessed by an unauthorized actor.” Sometimes free credit monitoring is offered for a limited period of time. 

If you receive a data breach notice, or suspect that your personal information has been compromised in a cyber-theft, ransomware attack, or illicit data sharing arrangement, there are immediate steps you can take to protect yourself. California residents have specific state laws that may provide compensation of up to $750 for a data breach involving non-medical personal information, $1,000 for medical information, and up to $5,000 for personal data that has been unlawfully intercepted.


Contact our knowledgeable, experienced data breach and class action attorneys

for a no-cost, no obligation evaluation of your rights and potential remedies.

Whether it's a minor, accidental leak or a major hack, knowing how to respond is essential in today's digital landscape. Our aim is to empower you with the knowledge and tools you need to stay secure and take action, ensuring you're not just a victim, but an informed and proactive participant in safeguarding your personal data.


Immediate Steps to Take After a Data Breach


First, try to understand the extent of the breach: what information was accessed and how sensitive it is. If it involves financial data, such as credit card or bank account numbers, contact your bank or credit card company immediately to secure your accounts. It's also wise to change passwords and security questions for any affected accounts, and consider doing so for unrelated accounts as a precaution. Implementing fraud alerts with credit bureaus can provide an additional layer of protection, making it harder for someone to open new accounts in your name. In some cases, you might even want to place a credit freeze, which restricts access to your credit report and helps prevent unauthorized new accounts from being opened. 

Want more information about fraud alerts and credit freezes? Click here! 


California Data Breach Laws May Provide Protection 

California consumers have specific remedies at your disposal in the event of a data breach under the California Consumer Privacy Act (CCPA), the California Confidentiality of Medical Information Act (CMIA), and the California Invasion of Privacy Act (CIPA). 

  • The California Customer Records Act requires businesses to put into place and maintain reasonable security procedures and practices to protect consumer’s personal information. It also requires victim notification as quickly as possible under many circumstances in the event of a data breach.[2]

  • The CCPA allows you to pursue statutory damages against businesses that fail to maintain reasonable security measures, ranging from $100 to $750 per incident per consumer, or your actual damages, whichever is greater.[3]

  • The California Confidentiality of Medical Information Act (CMIA) requires that medical information be maintained in a manner that preserves its confidentiality.[4] If applicable, the CMIA provides for an award of statutory damages of $1,000, in addition to actual damages.[5]

  • The California Invasion of Privacy Statute (CIPA) prohibits the interception of personal data in transit passing over any wire, line, or cable.[6] It also makes it unlawful to record confidential communications without the consent of all parties to the communication.[7] Thus, pixel tags, keylogging, and other methods of recording or sharing your activities on a website without your consent in advance may all violate the CIPA. Under the CIPA, you can seek damages of $5,000 per violation or three times the actual damages, whichever is greater.[8]


It's crucial to remember that these remedies typically require legal action to enforce. These laws and others, including the right to privacy found in Article I, Section I of the California State Constitution, make up the robust legal framework in California designed to protect your personal data. Consulting with a legal expert is advised to effectively navigate these legal avenues and to understand how these statutes apply in the context of a specific data breach incident.

For free information on your legal right to seek compensation, fill out our contact form.



[1] See National Conference of State Legislatures (NCSL) Summary of Breach Notification Laws.

[2] California Civil Code §§ 1798.81.5(b) and 1798.82(a) & (f).

[3] Cal. Civ. Code § 1798.150.

[4] Cal. Civ. Code § 56.101(a).

[5] Cal. Civ. Code § 56.36(b).

[6] Cal. Penal Code § 631(a).

[7] Cal. Penal Code § 632(a).

[8] Cal. Penal Code § 637.2(a).

bottom of page