The Lex Machina team is excited to announce the release of its Data Breach tag and enhanced analytics as part of its Consumer Protection module. Including nearly 3,000 cases, this important data set includes cases alleging harm resulting from the inadvertent or unauthorized disclosure of consumer data collected by the defendant.


The expansion includes many high-profile cases. The most active defendants in data breach cases filed January 1, 2009 or later are Equifax, Anthem, Target, Marriott, and Capital One. The most active law firms for data breach cases in the same time frame are King & Spalding, BakerHostetler, Hogan Lovells, and Morgan & Morgan.

The team added the data breach expansion based on user feedback and interest in this area of the law. They found cases within the Lex Machina system that fit the data breach definition and added important annotations including findings, damages, resolutions, and remedies.

Users can now answer questions such as:

  • Has my judge approved a class action settlement for a data breach? If so, how much was the settlement amount?
  • How often has opposing counsel brought a data breach case to trial and how did the case resolve?
  • How long does it take for a data breach case to reach class certification?
  • Have any data breach cases in my district been dismissed based on standing issues?

The expansion includes new findings:

  • Data Breach: Notification / Handling Violation – a statutory violation for mishandling consumer data or post-breach notification requirements.
  • Data Breach: Contract Violation – a breach of a contract that included an expressed or implied obligation to safeguard consumer data.
  • No Data Breach: Standing – a party does not have standing because of lack of injury from the alleged data breach or because the injury would not likely be redressed by a favorable decision.

View the new Data Breach Cases.

Learn more about the Consumer Protection module.