Skip to Main Content


Over the past two decades, many of us have become increasingly reliant on our smartphones and other personal electronic devices to manage nearly every aspect of our daily lives. Likewise, we no longer think twice before entrusting our personal, financial, and healthcare information to various companies that manage enormous databases that are accessible via the Internet. We simply assume these companies will keep our data safe.

Yet it seems like you cannot go more than a week without hearing about some new massive data breach affecting a company or government agency. With a few clicks of a keyboard, attackers can compromise millions of millions of user accounts. These attackers often have a fairly simple financial motive: They want to steal customer information that can then be resold to black market buyers.

Indeed, victims of data breaches are often unaware of the problem until long after the fact. By that point, their personal information is already in the hands of nefarious actors. It can take weeks or months–sometimes years–to clean up the mess, especially if a victim’s information has been used to open financial accounts in their name.

Saltz Mongeluzzi Bendesky P.C. is one of the leading data breach law firms serving clients in the Philadelphia region. If you, or a member of your family, has been the victim of a data breach or had their personal information compromised in any way, we can review your case and advise you of your options for seeking compensation under the law. Any company or government entity that keeps your personal data has a legal, ethical, and moral duty to safeguard that information from unauthorized persons. So when these rights are violated, you can and should be prepared to take action in defense of your rights.

What Happens When a Data Breach Occurs?

The term “data breach” broadly refers to any security incident where an unauthorized party accesses sensitive or confidential information contained in a computer system. Although the media often associates data breaches with cyberattacks or “hacking,” many data breaches are simply the result of organizations failing to follow the most basic safety procedures with respect to their information technology.

For example, about half of all data breaches are the result of an outside actor using stolen credentials–i.e., an authorized user’s login and password–to gain access to the system. Another common cause of data breaches is the use of automated programs (“bots”) to exploit vulnerabilities in an organization’s website applications. In many of these cases, the organization’s failure to keep their applications up-to-date with security patches is a significant factor in the success of these attacks.

Whatever the cause, however, any private or public organization that suffers a data breach has certain reporting obligations under the law. Every state, including Pennsylvania, requires organizations to notify affected individuals when their personal information is breached. What constitutes “personal information” can vary depending on the jurisdiction, but in general, we are talking about the types of data:

  • Social Security numbers;
  • driver’s license or state identification card numbers;
  • financial account numbers, including those associated with bank accounts and credit cards;
  • login credentials for a user account on a web-based application (usernames, passwords, answers to security questions, 2-factor authentication, et al.);
  • medical records; and
  • health insurance information.

In addition to notifying users, a business should also contact law enforcement as soon as they become aware of a data breach. In many cases, this means calling the FBI, the Secret Service, or a federal agency that has more substantial resources when it comes to investigating large-scale data breaches than local law enforcement. In fact, if a data breach involves personal health records, federal law requires the affected organization to notify the United States Department of Health and Human Services, as it falls under HIPAA regulations.

What Should You Do If You Are the Victim of a Data Breach?

If you are notified of a data breach involving your personal information, you need to be proactive. Do not just sit back and assume everything will be okay or that the company responsible for the breach will fix any problems. It is critical that you take certain basic steps to protect your finances and credit. Here are just a few steps you should consider:

  • If the company affected by the data breach offers you “free creditor monitoring” services, accept it.
  • Obtain copies of your credit reports from the three major reporting agencies. Under federal law, you are entitled to one free copy from each agency every year.
  • Consider placing a “credit freeze” with each of the credit reporting agencies; this prevents anyone from trying to open a new account in your name.
  • If the data breach affected your login credentials, change your password (and username, if possible). If you are no longer actively using the account, consider closing it altogether.
  • If the data breach included your debit or credit card number, contact the bank or financial institution and ask for a new card with a new number.

Schedule a Free Consultation With Our Philadelphia Data Breach Lawyer Today

Our Philadelphia Data Breach Lawyers Are Here To Help You

You should also contact an experienced data breach attorney as soon as possible. Depending on the federal or state laws violated, you may be entitled to seek statutory damages and compensation for losses that you suffered as a direct result of the data breach. You may also have grounds to file or join a consumer class action, which enables all victims of the same data breach to take appropriate legal action against the responsible organization.

Saltz Mongeluzzi Bedensky has a proven track record of multi-million dollar jury verdicts and out-of-court settlements in these kinds of class actions. We understand the complexity of building a compelling data breach lawsuit. We also know that a data breach can have a profound impact on your life and your family’s financial security. That is why we will make every effort to secure a favorable outcome on your behalf.

So if you have been recently notified of a data breach involving any of your personal information, contact Saltz Mongeluzzi Bendesky P.C. today to schedule a free case evaluation.