Duane Morris Takeaway: This week’s episode features Duane Morris partners Jerry Maatman, Justin Donoho, Tyler Zmick, and Hayley Ryan with their discussion of the key trends and developments analyzed in the 2026 editions of the Privacy Class Action Review and the Data Breach Class Action Review.
Check out today’s episode and subscribe to our show from your preferred podcast platform: Spotify, Amazon Music, Apple Podcasts, Podcast Index, Tune In, Listen Notes, iHeartRadio, Deezer, and YouTube.
Episode Transcript
Jerry Maatman: Thank you, loyal blog listeners and readers. Thank you for joining us again for our next episode of our podcast, The Class Action Weekly Wire. I’m Jerry Maatman of Duane Morris, and joining me today are some of my favorite colleagues, Justin, Hayley, and Tyler. Thanks for joining us.
Justin Donoho: Thank you, Jared, great to be here.
Tyler Zmick: Thanks, Jerry, it’s a pleasure to be here today.
Hayley Ryan: Thanks for inviting me, Jerry.
Jerry: Today’s a great day, and an exciting one, because we’re announcing the publication and launch of two new Duane Morris publications: the 2026 Data Breach Class Action Review, and the 2026 Privacy Class Action Review. We’ve got a lot to unpack, because 2025 was a huge area and a lot happened in the class action space, and especially both with respect to data breach and privacy class action litigation. Let’s start with data breach – what happened in 2025?
Justin: Yes, Jerry, huge is the right word. If anyone thought data breach class actions were slowing down, 2025 pretty much put that theory to rest.
Hayley: Completely, Justin. Data breach class actions continue to be one of the fastest growing areas in complex litigation. At this point, it’s almost predictable. A breach gets reported, the headlines follow, and then the class actions aren’t that far behind.
Tyler: And, interestingly, it’s not just the massive breaches anymore – even smaller data incidents are triggering lawsuits, which really tells you a lot about how aggressive and sophisticated this litigation space has become.
Jerry: Let’s start with the numbers, because, in my view, they’re eye-popping. In the first half of 2025 alone, there were 944 data breach class actions filed – nearly 158 per month.
Justin: That’s right, Jerry, and by the end of the year, that number ballooned to over 1,822 filings. That’s a staggering volume by any measure.
Hayley: Absolutely, and what’s especially striking is the breadth of industries impacted. Finance, healthcare, tech, retail, education, professional service – no sector was immune in 2025.
Tyler: And many of these data breaches involved hundreds of millions of employee and consumer records, and that scale really drives everything. Litigation risk, settlement exposure, and also a company’s reputational harm.
Jerry: When you peel back the onion skin, what, in essence, is driving, this mushroom cloud of class actions in the data breach space is a big part of this, the kind of ‘evolving threat’ landscape.
Justin: Yes, absolutely, Jerry. Cybercriminals today are more sophisticated than ever before. Ransomware attacks, in particular, surged in 2025, with criminals demanding payment not to publish stolen data.
Hayley: And even paying the ransom doesn’t solve the problem. There’s no guarantee the data gets deleted, and many believe those payments just encourage more attacks.
Tyler: Then when you layer that on top of remote work, cloud storage, and increasingly complex IT environments, you end up with a recipe for more large-scale breaches, and as a result, more lawsuits.
Jerry: I think the statistics that we gathered and analyzed for 2025 also tell a story of increasing settlement values in the class action space. What do you see in terms of settlement numbers?
Justin: Yeah, those settlements are going higher. That’s being pushed by larger classes, more sensitive data, and courts are increasingly sympathetic to plaintiffs as well.
Hayley: And in addition, legal fees are also climbing, as these cases become more complex and specialized.
Tyler: Which is why proactive cybersecurity and incident response planning are just so critical in today’s day and age. Companies with tested response playbooks tend to fare much better, both operationally and in litigation. The Data Breach Class Action Review is therefore a crucial resource for corporate counsel and companies to have in their toolbox to understand this area of class action litigation.
Jerry: Well, that’s absolutely true. Let’s pivot now to the Privacy Class Action Review, because this is an area that’s heating up and accelerating just as fast, if not faster, with the law struggling to keep up with technological advancements.
Justin: Yes, data privacy, another one of my favorite topics. Companies are adopting technologies that allegedly collect web browsing, biometric, genetic, and other personal data, and plaintiffs are challenging nearly all of it, a lot nationwide – everywhere.
Hayley: Yes, adtech litigation exploded again in 2025, with aggressive theories under statutes like the VPPA, or the Video Privacy Protection Act, the ECPA, or the Electronic Communications Privacy Act, and CIPA, which is the California Invasion of Privacy Act, with widely inconsistent rulings on standing and consent.
Tyler: I would absolutely echo the inconsistent ruling point and the complexity that raises for companies. I would also note that we saw a divergence at the appellate level in 2025, specifically we had the Ninth Circuit narrowing the VPPA exposure when it comes to movie theaters, while the Seventh Circuit expanded consumer status when it comes to free online services.
Jerry: It also seemed from the case law and the rulings that Illinois remains ground zero for businesses, especially with respect to litigation over biometrics and genetic privacy with the BIPA statute continuing to generate massive filings, and the GIPA now just following closely behind. When you put all this in the mix, what are your prognostications for 2026 in terms of what this means for companies on the privacy front?
Justin: Jerry, based on the trends we’re seeing, I think we can expect continued growth in both data breach class actions and privacy class actions. We’re seeing lots of divergent rulings in a lot of these different areas. We’ll continue to see some forum shopping as a result as well, but generally continued growth.
Tyler: And settlement values will likely keep rising as well, especially where courts grant class certification. We will be on the lookout to see how plaintiffs in 2026 fare in obtaining class certification, given the low rate from 2025.
Jerry: Well, that underscores why we put these two new publications together for clients in terms of corporate toolkits for getting their arms around data breach and privacy risks in the class action space. It’s certainly turning into an increasingly high-stakes terrain. So, for anyone who wants to dig a little deeper, the reviews are available — at the right price: for free – on our blog and website. For the remainder of the year, we’ll certainly be continuing to cover and dig deep into data breach and privacy class action litigation developments, both on our blog and in the Class Action Weekly Wire. So, stay tuned! And thanks so much, Justin, Hayley, and Tyler, for joining us on this episode of the Class Action Weekly Wire.
Justin: Thank you, Jerry, and thank you, listeners.
Tyler: Glad to be a part of the podcast, and thank you all, listeners. Be sure to download your copy of the review.
Hayley: Thanks, Jerry. Thanks, everyone.