Experian Data Breach Settlement Preliminarily Approved

December 3, 2018 – A California federal judge granted preliminary approval to a nationwide class action lawsuit filed by consumers, represented by Daniel Robinson of Robinson Calcagnie, Inc. and Tina Wolfson of Ahdoot & Wolfson, P.C., against Experian Information Solutions, Inc. and Experian Holdings, Inc. (together “Experian”).

On October 1, 2015, Experian announced that it “experienced an unauthorized acquisition of information from a server” that affected more than 15 million consumers in the United States.  Over 40 complaints were filed across the country, and eventually all cases were transferred and consolidated before the Hon. Andrew J. Guilford, United States District Court Judge of the Central District of California.

Plaintiffs alleged that the data breach compromised their personal information, including names, addresses, Social Security numbers, military ID numbers, and passport numbers. Their suits included claims for failing to implement and maintain adequate data security practices to safeguard personally identifiable information (PII), failing to detect the breach in a timely manner, failing to disclose information to Class Members, and failing to provide adequate and timely notice of the breach. Plaintiffs brought claims under the Fair Credit an Reporting Act (FCRA) and 44 different state statutes.

After over two years of intensive litigation and discovery, the parties reached an agreement to settle the case in a mediation presided over by Judge Jay Gandhi (ret.). The settlement – which is likely to exceed $47 million in value – consists of $22 million for the non-reversionary Settlement Fund, $11.7 million for Experian’s remedial measures implemented as a result of this lawsuit, and $7,638,738.72 for every 0.1% of Class Members who submit claims to receive Credit Monitoring and Insurance.

The $22 million Settlement Fund provides for the following remedies, among others:

  • Two years of an enhanced version of Identity Guard’s Individual Total Plan for Class Members who submit claims;
  • Cash payments for Class Members’ documented out-of-pocket costs and time spent due to the Data Breach;
  • $2,500 service awards for each class representative; and
  • Attorney’s fees and costs as approved by the Court, which class counsel agree will not exceed $10.5 million

The $11.7 million set aside for remedial and enhanced security measures at Experian would fund, among other things:

  • Implementation of a Security First Program;
  • Hiring of 60 additional full-time employees; and
  • Heightened encryption throughout Experian’s network and user database.

Class members include The 15,922,099 T-Mobile USA customers or applicants who are identified on the Settlement Class List, including Plaintiffs, whose PII was stored on Experian Information Solutions, Inc.’s and Experian Holdings, Inc.’s server that was accessed by an authorized user in the Data Breach. Excluded from the Settlement Class are: (1) the Judges presiding over the Action and members of their families; (2) the Defendants, their subsidiaries, parent companies, successors, predecessors, and any entity in which the Defendants or their parents have a controlling interest and their current or former officers, directors, and employees; (3) Persons who properly execute and submit a Request for Exclusion prior to the expiration of the Opt-Out Period; and (4) the successors or assigns of any such excluded Persons.

The case is In re Experian Data Breach Litigation, case number 8:15-cv-01592 in the U.S. District Court for the Central District of California. For more information on the settlement, please go to www.expdatabreachsettlement.com