On 5 April 2023 the US District Court for the Middle District of Pennsylvania gave final approval to a class action lawsuit settlement over a covid-related data breach.
In response to the pandemic, the Department of Health of the Commonwealth of Pennsylvania had contracted with a company to conduct a state-wide contact tracing initiative. During the initiative, the company announced that a data breach had occurred: the personal data of certain individuals had been publicly available for a short time. The exposed data included names, emails, phone numbers, ages, genders, Covid-19 diagnoses, and individuals’ exposure status. Following the incident, some affected consumers filed a class action lawsuit alleging cause for negligence, publicity given to private life and breach of implied warranty.
The parties of the dispute have then reached a friendly settlement of the case. Under the settlement, the company agreed to reimburse i) the documented ordinary out-of-pocket losses incurred on account of the data incident (for a maximum of 250 dollars for each class member) and ii) the monetary extraordinary out-of-pocket losses that occurred more likely than not as a result of the data breach (for a maximum of 5.000 dollars for each class member). The company also agreed to provide class members with two years of free credit monitoring services.
Reference: Chapman v. Insight Global, LLC, Civil Case No: 1:21-cv-824-CCC.