Amy leads nationwide litigations—representing hundreds of millions of consumers—against industry titans such as Equifax, Apple, Marriott, and Blackbaud
DiCello Levitt Technology, Privacy, and Cybersecurity practice chair Amy Keller was interviewed by leading business, legal, and trade publications over the past several days regarding T-Mobile’s disclosure of a major data breach impacting more than 48 million current, former, and prospective customers.
According to Amy, “If the hackers’ claims are true, it’s shocking that one of T-Mobile’s databases held sensitive information like dates of birth, drivers’ license numbers, social security numbers, and plaintext security PINs—going back to the 1990s. This goes against all guidance regarding data minimization, and storing sensitive information in plain text format is a clear no-no.”
Amy added that the current regulatory landscape has created a lot of consumer dissatisfaction, because traditional legal theories—such as common law negligence—haven’t produced large enough awards to incentivize companies to invest in better security. “Consumers are sick and tired of data breaches, and statutes like the [newly-enacted California Consumer Privacy Act, or “CCPA”] provide real teeth to demonstrate how important this data is to consumers. Statutory damages provide meaningful relief, and companies shouldn’t be storing data carelessly.”
Amy also said the nature and scope of the T-Mobile breach, which some reports have said involved data that dates back to the 1990s, suggests that the carrier may have been storing unnecessary data on outdated systems, “which is very concerning.”
Amy currently serves as one of the co-lead counsel in the Blackbaud data breach litigation, where she and her colleagues were able to fend off Blackbaud’s motion to dismiss many of their statutory-based consumer protection claims, including their California Consumer Privacy Act claim. This is one of the first, major data breach cases with a CCPA “win” on a motion to dismiss.
Amy explained that the class actions that are starting to be filed against T-Mobile may include allegations under CCPA, which took effect in January 2020, and allows consumers to seek statutory damages of up to $750 per violation for data breaches that result from a company’s failure to implement reasonable security procedures.
The coverage includes The Wall Street Journal, Wired, Business Insider, CyberWire, Cybersecurity Dive, Law360, and TechZone Daily.
For The Wall Street Journal story featuring Amy discussing what steps consumers may take if their data has been hacked in the T-Mobile data breach, read here.
For The Wall Street Journal featuring Amy’s commentary about T-Mobile regulatory scrutiny, read here.
For the Wired story, read here. (Subscription may be required).
For the Business Insider story (Spanish), read here.
For the Cybersecurity Dive story, read here.
For the Law360 story, read here. (Subscription may be required).
For the TechZone Daily, read here.
For more information on the T-Mobile matter, please email [email protected].