Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

1 min read

Contract class certified in Carefirst data breach lawsuit

Contract class certified in Carefirst data breach lawsuit

After nine years of legal action, the CareFirst data breach lawsuit has finally reached a major milestone. The court has recently certified a contract class in the lawsuit, marking a victory for the plaintiffs and a step forward in holding organizations accountable for data breaches. 


What happened

In 2014, CareFirst, one of the largest health insurers in the United States, experienced a massive data breach that compromised the personal and medical information of over 1.1 million individuals. The breach exposed sensitive data, including names, birthdates, email addresses, and subscriber ID numbers. CareFirst publicly acknowledged the breach in 2015, prompting affected individuals to take legal action against the company.


The backstory 

Following the data breach, several lawsuits were filed against CareFirst, alleging negligence and failure to protect customer data adequately. The plaintiffs sought damages for the harm caused by the breach and demanded greater accountability from the company. The legal battle began, and over the years, the case went through various stages of litigation.

After nearly a decade of legal proceedings, a significant breakthrough occurred when the court certified a contract class in the CareFirst data breach lawsuit. This means that a group of individuals contracted with CareFirst for insurance coverage during a specific period are now certified as a class, allowing them to collectively pursue their claims against the company.


What was said

On March 29, 2023, after careful consideration and a hearing on the matter, Judge Cooper found that certification of a contract class was warranted. “The standing issue that prevented the Court from certifying the last go around has since dissolved because, as all sides agree, each member of the proposed class has allegedly suffered a concrete injury based on CareFirst’s supposed breach of its contractual obligation to safeguard its customers’ data—regardless of whether they sustained an additional, tangible injury due to the data breach,” wrote Judge Cooper in his ruling.


Why it matters

The certification of a contract class in the CareFirst data breach lawsuit marks a significant milestone in the legal battle against organizations responsible for data breaches. It provides hope for affected individuals seeking justice and reminds companies of the necessity of data protection measures. As the legal proceedings continue, this landmark case will undoubtedly shape the future of data breach litigation and reinforce the need for accountability in the digital age.


Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.