Privacy, Technology, and Cybersecurity

---

DiCello Levitt’s Privacy, Technology, and Cybersecurity Litigation Practice Group includes award-winning attorneys and skilled technologists who routinely represent consumers and public clients against some of the largest corporations in the country.

Our firm represents people and businesses affected by large data breaches and wrongful use of their private information. We have extensive experience holding large companies accountable, taking on the world’s tech giants and other powerful corporations for misusing and exposing consumers’ personal data. Our attorneys have played leading roles in some of the largest data breach, privacy, and technology settlements in the United States, winning significant motions and creating new legal theories and damages models that have been cited in numerous cases across the United States.

Focusing on information security and data breach cases, as well as data misuse and privacy violations, our firm’s attorneys have pioneered the practice by developing legal precedent in both state and federal courts and new standards for large settlements. Our practice group’s groundbreaking work includes developing case law establishing that personal information has value and that individuals who are victims of data security incidents may recover damages for taking steps to protect themselves from a company’s negligence. These cases have been cited hundreds of times and are credited with enshrining consumer protection principles in technology litigation.

[DiCello Levitt] has steered clients through a wide variety of class actions and individual litigation that have required a deep dive into complex legal questions and emerging technologies. The firm’s technology, cybersecurity and privacy practice, led by partner Amy E. Keller, has in particular found success in these efforts, with Keller having been tapped for leadership roles in high-stakes data breach and consumer protection disputes against industry heavyweights such as Equifax, Marriott and Apple.

Law360

To provide robust representation to plaintiffs affected by cybersecurity and data privacy matters, DiCello Levitt developed a first-of-its kind practice group with both a dedicated data breach section and a privacy section. In addition to being named Practice Group of the Year by The National Law Journal, we are the only law firm to be recognized by Law360 for three consecutive years as Cybersecurity and Data Privacy Practice Group of the Year for our role in some of the world’s most wide-reaching data privacy class action lawsuits to date, including multidistrict litigations against Google, Equifax, Marriott, Blackbaud, Amazon, and Facebook.

Our attorneys are heavily involved in advancing the law and participate in the Sedona Conference’s Working Group 11 on privacy and cybersecurity, the American Law Institute, the American Association for Justice, and the Public Justice Foundation. Through our work in these organizations, we have testified before lawmakers about consumers’ experiences, developed model practices and legislation related to privacy and cybersecurity, and have written amicus briefs on behalf of not-for-profit entities advocating for consumer protections.

Our deep bench of experienced attorneys have the technical know-how and litigation acumen to secure compensation for our clients and restrain future corporate misconduct.

Representative Matters

In re Facebook Internet Tracking Litigation

DiCello Levitt achieved a substantial settlement on behalf of a class of consumers against Facebook, alleging that Facebook inappropriately collected user data even after users logged out of their accounts. The landmark case established new circuit court precedent that personal information has financial value, and the $90 million settlement included a first-of-its-kind nationwide injunction requiring deletion of the at-issue data that the press hailed as a “watershed moment” in data privacy.

In re Google RTB Consumer Privacy Litigation

DiCello Levitt serves on the Executive Committee in a nationwide class action alleging that Google breached its contractual promise not to sell users’ personal information by rebroadcasting data during real-time bidding (RTB) auctions, exposing the data to potential ad buyers and others surveilling the auctions. The firm helped secure a landmark settlement requiring Google to create new account-level controls giving Google account holders the power to limit the information shared in RTB auctions and to implement enhanced disclosures about its data-sharing practices.

Calhoun v. Google

DiCello Levitt co-leads a data privacy action brought by Google Chrome users whose personally identifiable information (PII) was collected without their consent while not synced with a Google account, in violation of express contractual privacy promises. In August 2024, in a landmark opinion, a unanimous panel of the Ninth Circuit rejected Google’s “consent” defense and remanded it to the district court for trial, pending class certification. For this victory, the team was recognized as Law360’s “Legal Lions of the Week.”

Kolstedt, et al v. TMX Finance Corporate Services Inc.

DiCello Levitt served as Co-Lead Counsel in a nationwide data privacy class action against TMX Finance following a data breach that compromised the personal information of approximately 4.8 million customers, including Social Security numbers, financial account information, and other sensitive data. The firm secured a $42.5 million settlement providing cash payments and debt relief for affected borrowers, along with commitments by TMX to implement enhanced cybersecurity measures.

In re LastPass Data Security Incident Litigation

DiCello Levitt was appointed as Co-Lead Counsel representing millions of consumers in litigation arising from a data breach that exposed LastPass customers’ password vault backups. The firm negotiated a landmark settlement that provides significant monetary, injunctive, and in-kind relief to the class, including a first-of-its-kind cryptocurrency theft claims process that enables class members who suffered crypto losses to recover up to $900,000 through a streamlined, cost-efficient process without the need to retain their own counsel.

In re Consumer Vehicle Driving Data Tracking Collection

DiCello Levitt represents plaintiffs in a multidistrict litigation alleging that General Motors, OnStar, LexisNexis Risk Solutions Inc., and Verisk Analytics Inc. collected and shared sensitive consumer driving data without adequate disclosure or consent. The complaint alleges that the defendants used data such as acceleration, braking, speed, distance traveled, and vehicle identification numbers to track drivers, resulting in increased auto insurance rates and violations of consumer protection and wiretap laws.

In re Data Breach Security Litigation Against Caesars Entertainment Inc.

DiCello Levitt represents customers of Caesars casinos and members of the Caesars Loyalty Program whose highly sensitive personal information—including names, addresses, and Social Security numbers—was stolen during a cyberattack. Amy Keller was appointed Co-Lead Counsel and successfully defeated Caesars’ motion to stay discovery and motion to dismiss while pursuing damages for those harmed by the breach.

In re Snowflake Inc. Data Security Breach Litigation

DiCello Levitt serves as Co-Lead Counsel in a multidistrict “hub-and-spoke” data breach litigation involving Snowflake and other major companies, including AT&T, Neiman Marcus, Ticketmaster, and Live Nation, arising from breaches affecting hundreds of millions of individuals. The firm has secured significant victories, including settlements with several defendants and defeating motions to compel arbitration and dismiss, positioning the case to advance novel theories of liability in data security litigation.

Taylor v. Zillow Inc., et al.

DiCello Levitt was appointed to serve as Co-Lead Counsel against Zillow and some of the largest real estate brokers from around the country. The class action lawsuit alleges a RICO conspiracy, as well as violations of federal and state statutes, as part of a scheme to deceive consumers by concealing conflicts of interest and kickbacks to steer homebuyers into Zillow’s mortgage products and charge hidden fees. The plaintiffs allege that Zillow leverages its significant market power in home listings to prop up its fledgling mortgage business, in violation of federal law.