Update (November 15, 2024): The case has reached a settlement for $750,000.
In a recent class action lawsuit, plaintiff Augustyn Wiacek has accused Mondelez Global LLC of failing to use reasonable measures to protect the personal information (PII) of at least 51,000 individuals, and of not providing timely notice of a data breach. The suit alleges that this negligence led to tangible injury-in-fact and damages, including the theft of their PII by criminals, improper disclosure of their PII, lost benefit of their bargain, lost value of their PII, and lost time and money incurred to mitigate and remediate the effects of the data breach.
The plaintiff alleges that Mondelez Global LLC violated the Federal Trade Commission Act (FTC Act) by failing to use reasonable measures to protect the plaintiff's and the class's PII. The FTC Act prohibits unfair practices in commerce, including the failure of businesses to use reasonable measures to protect customers’ PII. The FTC recommends that companies limit access to sensitive data, require complex passwords on networks, use industry-tested methods for security, monitor for suspicious activity on the network, and verify that third-party service providers have implemented reasonable security measures.
According to the lawsuit, Mondelez Global LLC allegedly breached their duty to exercise reasonable care in handling and securing the PII of the plaintiff and the class, leading to the data breach and the plaintiff's and the class's injury. The plaintiff further alleges that Mondelez Global LLC failed to provide timely notice of the data breach, exacerbating the harm from the data breach and the plaintiff's and the class's injuries-in-fact.
The plaintiff alleges that Mondelez Global LLC stored, used, and exchanged the PII of the plaintiff and the class without implementing and maintaining reasonable security procedures and practices. This failure, the plaintiff asserts, led to the unauthorized access of their PII by cybercriminals. The plaintiff claims that this breach of duty has caused actual harm through the loss of their PII.
The plaintiff further alleges that Mondelez Global LLC failed to provide timely notice of the data breach, leading to additional harm. The plaintiff argues that had they been notified earlier, they could have taken steps to mitigate the effects of the data breach.
The class members in this case are all individuals who had their PII compromised in the data breach. This includes anyone whose PII was stored, used, or exchanged by Mondelez Global LLC, and anyone who was notified of the data breach by the company. The class is limited to individuals in the United States.
It is estimated that the class is made up of at least 51,000 individuals, all of whom have allegedly suffered actual, tangible injury-in-fact and damages as a result of the data breach.
The plaintiff and the class are seeking damages, treble damages, or injunctive relief. Although the exact dollar amount is not stated in the complaint, it is likely that the plaintiff is seeking at least five million dollars. This is based on the alleged harm suffered by the plaintiff and the class, including the theft of their PII, improper disclosure of their PII, lost benefit of their bargain, lost value of their PII, and lost time and money incurred to mitigate and remediate the effects of the data breach.
The plaintiff also alleges that the defendant's actions have caused them to lose the value of their PII. The plaintiff argues that had they known of Mondelez Global LLC's alleged negligence in protecting their PII, they would not have chosen to do business with the company.
As this is a class action lawsuit, the next steps in the case could include certification of the class by the court. This would allow the case to proceed on behalf of all class members. If the class is certified, the case could then proceed to discovery, where both sides would gather evidence to support their claims.
Alternatively, the parties could choose to settle the case out of court. This could result in a monetary settlement for the plaintiff and the class, or changes to Mondelez Global LLC's data security practices. However, any settlement would need to be approved by the court.