Decades of Experience
Fighting for Consumers.

Data Breach Lawyers.
More than 50 years of landmark results.

Free Case Evaluation

On the Cutting Edge of Data Breach Litigation

Securing recoveries for consumers and financial institutions harmed by all forms of data breach cyberattacks, including data security vulnerabilities, malware, and ransomware attacks.
Shaping the Landscape of Data Breach Law
Lowey Dannenberg has become a leader in the burgeoning data breach litigation field, filing some of the most nuanced and cutting-edge class actions on behalf of consumers and financial institutions, including those affecting tens of millions of customers across the hospitality, healthcare, and retail industries. Courts have recognized these skills, appointing Lowey Dannenberg’s attorneys as interim class counsel in several recent data breach class actions. Since its founding in 1967, Lowey Dannenberg has represented consumers and financial institutions in complex class actions, recovering billions of dollars on their behalf.

On the Cutting Edge of Data Breach Litigation​

Securing recoveries for consumers and financial institutions harmed by all forms of data breach cyberattacks, including data security vulnerabilities, malware, and ransomware attacks.
Shaping the Landscape of Data Breach Law
Lowey Dannenberg has become a leader in the burgeoning data breach litigation field, filing some of the most nuanced and cutting-edge class actions on behalf of consumers and financial institutions, including those affecting tens of millions of customers across the hospitality, healthcare, and retail industries. Courts have recognized these skills, appointing Lowey Dannenberg’s attorneys as interim class counsel in several recent data breach class actions. Since its founding in 1967, Lowey Dannenberg has represented consumers and financial institutions in complex class actions, recovering billions of dollars on their behalf.

Data Breach Practice Areas

Lowey Dannenberg represents consumers and financial institutions who are victims of data breaches in the following areas:

• Payment Card (Credit or Debit Card) Data Breaches

• Healthcare Data Breaches (i.e., Protected Health Information (ePHI))

• Social Security Number Data Breaches

• Driver’s License Number Data Breaches (i.e., Driver’s Privacy Protection Act (DPPA) Litigation)

• Malware Attacks

• Ransomware Attacks

• Credential Stuffing

• Phishing Schemes

• “Dark Web” Data Leaks

Data Breach Practice Areas

Lowey Dannenberg represents consumers and financial institutions who are victims of data breaches in the following areas:

• Payment Card (Credit or Debit Card) Data Breaches

• Healthcare Data Breaches (i.e., Protected Health Information (ePHI))

• Social Security Number Data Breaches

• Driver’s License Number Data Breaches (i.e., Driver’s Privacy Protection Act (DPPA) Litigation)

• Malware Attacks

• Ransomware Attacks

• Credential Stuffing

• Phishing Schemes

• “Dark Web” Data Leaks

Ground-Breaking Decisions

Frasco v. Flo Health, Inc

In In re USAA Data Security Litigation up in Massachusetts, Lowey Dannenberg was one of the first firms in the country to defeat a motion to dismiss Drivers Privacy Protection Act claims arising out of an insurance company’s auto-populate feature that disclosed consumers’ private motor vehicle records to hackers and other unwanted third parties.
And in Pennsylvania, Lowey Dannenberg’s successful lawyering led to the first Pennsylvania federal court decision (In re Rutter’s Inc. Data Security Breach Litigation, Case No. 20-cv-00382 (M.D. Pa.) to recognize a company’s duty to safeguard credit and debit card information in its possession.

Ground-Breaking Decisions

In In re USAA Data Security Litigation up in Massachusetts, Lowey Dannenberg was one of the first firms in the country to defeat a motion to dismiss Drivers Privacy Protection Act claims arising out of an insurance company’s auto-populate feature that disclosed consumers’ private motor vehicle records to hackers and other unwanted third parties.
And in Pennsylvania, Lowey Dannenberg’s successful lawyering led to the first Pennsylvania federal court decision (In re Rutter’s Inc. Data Security Breach Litigation, Case No. 20-cv-00382 (M.D. Pa.) to recognize a company’s duty to safeguard credit and debit card information in its possession.

Our Experts: Ready To Help

Christian Levis

Partner

Christian Levis is a Partner at Lowey Dannenberg’s New York office and is a founding member and head of the firm’s data breach practice group. An avid computer programmer with experience developing both iOS and Android apps, Mr. Levis has extensive experience litigating data breach class actions involving complex technologies. Mr. Levis serves as lead counsel in several prominent data breach cases, including in In re Rutter’s Inc. Data Security Breach Litigation, Case No. 20-cv-00382 (M.D. Pa.), In re Wawa Data Security Litigation, Case No. 19-cv-06019 (GEKP) (E.D. Pa.), and In re USAA Data Security Litigation, No. 21-cv-05813 (S.D.N.Y.). His leadership helped secure a multi-million dollar settlement in Barr v. Drizly, LLC, Case No. 20-CV-11492 (D. Mass.).

Mr. Levis is a member of the New York State Bar Association’s Committee on Technology and the Legal Profession and is an expert in the use of analytics and technology-assisted document review in large class actions. Mr. Levis has been selected as a Rising Star by Super Lawyers® Magazine in 2021 and 2022.

Mr. Levis received his law degree from Fordham University School of Law in 2012, where he was the Associate Editor of the Fordham Intellectual Property, Media and Entertainment Law Journal. Mr. Levis received the Abraham Abramovsky Award for outstanding achievement in trial advocacy in 2012. He also currently teaches as an Adjunct Professor of Trial Advocacy at Fordham University School of Law. Prior to joining Lowey Dannenberg, Mr. Levis clerked for The Honorable Jessica R. Mayer of the Superior Court of New Jersey and was involved in several mass tort cases involving pharmaceuticals and medical devices.

Mr. Levis is admitted to practice law in New York and New Jersey, the U.S. Court of Appeals for the Second and Ninth Circuits, and the U.S. District Courts for the Southern and Eastern Districts of New York, the Districts of New Jersey, District of Columbia, Nebraska, and Colorado.

Amanda Fiorilla

Associate

Amanda G. Fiorilla is an Associate at Lowey Dannenberg’s New York office and is a founding member of the firm’s data breach practice group. She, along with other members of the firm’s privacy and data breach practice groups, serve as co-lead counsel in In re USAA Data Security Litigation, No. 21-cv-05813 (S.D.N.Y.). Their efforts resulted in one of the first decisions of its kind to sustain Drivers Privacy Protection Act claims arising out of an insurance company’s auto-populate feature that disclosed consumers’ private motor vehicle records to hackers and other unwanted third parties. Ms. Fiorilla was part of the team who successfully litigated Barr v. Drizly, LLC, Case No. 20-CV-11492 (D. Mass.), resulting in a multi-million-dollar settlement on behalf of millions of consumers impacted by a data breach at one of the largest alcohol delivery companies.

Ms. Fiorilla received her law degree magna cum laude from Pace Law School in January 2019, where served as Editor-in-Chief of THE PACE LAW REVIEW, President of the Corporate & Commerical Law Society, and Opinions Editor for the School’s online newspaper Hearsay. Ms. Fiorilla was also a research assistant and Dean’s Scholar in the subjects of Property and Civil Procedure. Ms. Fiorilla previously served as a judicial extern to The Honorable Patty Shwartz of the U.S. Court of Appeals for the Third Circuit.

Ms. Fiorilla has been selected as a Rising Star by Super Lawyers® Magazine in 2022.

Ms. Fiorilla is admitted to practice law in New York and New Jersey, the U.S. District Courts for the Southern and Eastern Districts of New York, and the District of New Jersey.

Anthony Christina

Associate

Anthony M. Christina is an Associate at Lowey Dannenberg’s Pennsylvania office and is a founding member of the firm’s data breach practice group. Mr. Christian’s efforts were fundamental in securing key wins in In re Rutter’s Inc. Data Security Breach Litigation, Case No. 20-cv-00382 (M.D. Pa.), where he represents a class of consumers allegedly affected by malware installed on Rutter’s payment card system, and in In re Wawa Data Security Litigation, Case No. 19-cv-06019 (E.D. Pa.), a data breach that is estimated to have compromised over 30 million records.

Mr. Christina has been selected as a Rising Star by Super Lawyers® Magazine in 2021, 2022, and 2023.

Mr. Christina received his law degree from the Dickinson School of Law in 2016, where he served as a resident forum blogger for the Penn State Law Review and on the Journal of Law and International Affairs. Mr. Christina previously worked for Pennsylvania Office of Attorney General and served as a judicial extern for The Honorable Kim R. Gibson of the U.S. District Court for the Western District of Pennsylvania.

Mr. Christina is admitted to practice law in Pennsylvania, New Jersey, Washington D.C., the U.S. Court of Appeals for the Third Circuit, the U.S. District Courts for the Eastern, Middle, and Western Districts of Pennsylvania, the Districts of New Jersey, District of Columbia, Nebraska, and Colorado.

Rachel Kesten

Associate

Rachel Kesten is an Associate at Lowey Dannenberg’s New York office and is a member of the firm’s data breach practice group. Ms. Kesten received her law degree from Pace Law School in 2018, where served as Executive Productions Editor of THE PACE LAW REVIEW. Ms. Kesten was also a research assistant and participated in the Federal Judicial Honors Program, serving as a judicial extern to The Honorable Lisa Margaret Smith of the Southern District of New York.
Rachel Kesten is admitted to practice law in New York.

Our Experts: Ready To Help

Christian Levis

Partner

Christian Levis is a Partner at Lowey Dannenberg’s New York office and is a founding member and head of the firm’s data breach practice group. An avid computer programmer with experience developing both iOS and Android apps, Mr. Levis has extensive experience litigating data breach class actions involving complex technologies. Mr. Levis serves as lead counsel in several prominent data breach cases, including in In re Rutter’s Inc. Data Security Breach Litigation, Case No. 20-cv-00382 (M.D. Pa.), In re Wawa Data Security Litigation, Case No. 19-cv-06019 (GEKP) (E.D. Pa.), and In re USAA Data Security Litigation, No. 21-cv-05813 (S.D.N.Y.). His leadership helped secure a multi-million dollar settlement in Barr v. Drizly, LLC, Case No. 20-CV-11492 (D. Mass.).

Mr. Levis is a member of the New York State Bar Association’s Committee on Technology and the Legal Profession and is an expert in the use of analytics and technology-assisted document review in large class actions. Mr. Levis has been selected as a Rising Star by Super Lawyers® Magazine in 2021 and 2022.

Mr. Levis received his law degree from Fordham University School of Law in 2012, where he was the Associate Editor of the Fordham Intellectual Property, Media and Entertainment Law Journal. Mr. Levis received the Abraham Abramovsky Award for outstanding achievement in trial advocacy in 2012. He also currently teaches as an Adjunct Professor of Trial Advocacy at Fordham University School of Law. Prior to joining Lowey Dannenberg, Mr. Levis clerked for The Honorable Jessica R. Mayer of the Superior Court of New Jersey and was involved in several mass tort cases involving pharmaceuticals and medical devices.

Mr. Levis is admitted to practice law in New York and New Jersey, the U.S. Court of Appeals for the Second and Ninth Circuits, and the U.S. District Courts for the Southern and Eastern Districts of New York, the Districts of New Jersey, District of Columbia, Nebraska, and Colorado.

Amanda Fiorilla

Associate

Amanda G. Fiorilla is an Associate at Lowey Dannenberg’s New York office and is a founding member of the firm’s data breach practice group. She, along with other members of the firm’s privacy and data breach practice groups, serve as co-lead counsel in In re USAA Data Security Litigation, No. 21-cv-05813 (S.D.N.Y.). Their efforts resulted in one of the first decisions of its kind to sustain Drivers Privacy Protection Act claims arising out of an insurance company’s auto-populate feature that disclosed consumers’ private motor vehicle records to hackers and other unwanted third parties. Ms. Fiorilla was part of the team who successfully litigated Barr v. Drizly, LLC, Case No. 20-CV-11492 (D. Mass.), resulting in a multi-million-dollar settlement on behalf of millions of consumers impacted by a data breach at one of the largest alcohol delivery companies.

Ms. Fiorilla received her law degree magna cum laude from Pace Law School in January 2019, where served as Editor-in-Chief of THE PACE LAW REVIEW, President of the Corporate & Commerical Law Society, and Opinions Editor for the School’s online newspaper Hearsay. Ms. Fiorilla was also a research assistant and Dean’s Scholar in the subjects of Property and Civil Procedure. Ms. Fiorilla previously served as a judicial extern to The Honorable Patty Shwartz of the U.S. Court of Appeals for the Third Circuit.

Ms. Fiorilla has been selected as a Rising Star by Super Lawyers® Magazine in 2022.


Ms. Fiorilla is admitted to practice law in New York and New Jersey, the U.S. District Courts for the Southern and Eastern Districts of New York, and the District of New Jersey.

Anthony Christina

Associate

Anthony M. Christina is an Associate at Lowey Dannenberg’s Pennsylvania office and is a founding member of the firm’s data breach practice group. Mr. Christian’s efforts were fundamental in securing key wins in In re Rutter’s Inc. Data Security Breach Litigation, Case No. 20-cv-00382 (M.D. Pa.), where he represents a class of consumers allegedly affected by malware installed on Rutter’s payment card system, and in In re Wawa Data Security Litigation, Case No. 19-cv-06019 (E.D. Pa.), a data breach that is estimated to have compromised over 30 million records.

Mr. Christina has been selected as a Rising Star by Super Lawyers® Magazine in 2021, 2022, and 2023.

Mr. Christina received his law degree from the Dickinson School of Law in 2016, where he served as a resident forum blogger for the Penn State Law Review and on the Journal of Law and International Affairs. Mr. Christina previously worked for Pennsylvania Office of Attorney General and served as a judicial extern for The Honorable Kim R. Gibson of the U.S. District Court for the Western District of Pennsylvania.

Mr. Christina is admitted to practice law in Pennsylvania, New Jersey, Washington D.C., the U.S. Court of Appeals for the Third Circuit, the U.S. District Courts for the Eastern, Middle, and Western Districts of Pennsylvania, the Districts of New Jersey, District of Columbia, Nebraska, and Colorado.

Rachel Kesten

Associate

Rachel Kesten is an Associate at Lowey Dannenberg’s New York office and is a member of the firm’s data breach practice group. Ms. Kesten received her law degree from Pace Law School in 2018, where served as Executive Productions Editor of THE PACE LAW REVIEW. Ms. Kesten was also a research assistant and participated in the Federal Judicial Honors Program, serving as a judicial extern to The Honorable Lisa Margaret Smith of the Southern District of New York.
Rachel Kesten is admitted to practice law in New York.

Publications

Data Breach Plaintiffs Still Face Circuit Conflict on Standing, Bloomberg Law (June 15, 2021)

Some Credit Unions Have Received Settlements; Should You Take Your Situation to Court?, CU Management, (Mar. 10, 2020).

Publications

Data Breach Plaintiffs Still Face Circuit Conflict on Standing, Bloomberg Law (June 15, 2021)

Some Credit Unions Have Received Settlements; Should You Take Your Situation to Court?, CU Management, (Mar. 10, 2020).

Landmark Outcomes

Lowey Dannenberg served as court-appointed class counsel on behalf of millions of consumers impacted by a data breach at one of the largest alcohol delivery companies, Drizly LLC (“Drizly”). On March 30, 2021, U.S. District Judge Leo T. Sorokin granted preliminary approval of a settlement in which Drizly agreed to pay a total of no less than $1,050,000 and no more than $3,150,000, and issue service credits up to $447,750. Drizly also agreed to implement and maintain sufficient data security measures to prevent future data breaches. On November 22, 2021, the Court granted final approval of the settlement. As a result of Lowey Dannenberg’s robust notice program, Drizly paid the maximum amount under the terms of the settlement.
Lowey Dannenberg serves as interim co-lead class counsel in a class action against one of the Mid Atlantic’s largest convenience store and gas station chains, Wawa, Inc. (“Wawa”), on behalf of a class of financial institutions (i.e., banks and credit unions) affected by Wawa’s failure to properly secure their card processing system. As a result of Wawa’s conduct, unauthorized third parties were able to gain access to customers’ payment card information for over nine months. The data breach is estimated to have impacted more than 30 million individuals at 850 locations. Judge Gene E.K. Pratter of the U.S. District Court for the Eastern District of Pennsylvania sustained several of Plaintiffs’ claims, including negligence and injunctive relief. Significantly, the Court rejected Wawa’s argument that the economic loss doctrine bars recovery in tort for negligence claims because no duty independent of contract exists, holding that under the Pennsylvania Supreme Court decision in Dittman v. UMPC, 196 A.3d 1036 (Pa. 2018), that “Pennsylvania law, post Dittman, imparts on companies an independent duty to reasonably secure their payment systems.” Furthermore, the Court found that, “Wawa’s affirmative conduct, in collecting payment card information and storing it in an insecure manner, created a risk of foreseeable harm from third parties and led to a data breach that proximately caused the Institutions’ alleged injuries.”
On November 17, 2021, District Judge Vincent L. Briccetti appointed Lowey Dannenberg as interim co-lead class counsel representing a proposed class of consumer plaintiffs. The case alleges that United Services Automobile Association (“USAA”) allowed unauthorized third parties to intentionally target and improperly obtain Plaintiffs’ and class members’ personally identifiable information, including Driver’s license numbers, through the use of USAA’s online insurance quote and/or policy process. The Court sustained several of Plaintiffs’ key claims, including the Driver’s Privacy Protection Act (“DPPA”), negligence, negligence per se, and Declaratory Judgment Act claims to go forward. Significantly, the Court sustained Plaintiffs’ DPPA claim and found that USAA’s voluntary decision to automatically pre-fill its quote forms with driver’s license numbers constituted a ‘knowing disclosure’ of personal information, under 18 U.S.C. § 2724(a). The DPPA comes with statutory damages in the amount of $2,500 per violation.
Lowey Dannenberg is serving as interim co-lead class counsel in a class action on behalf of consumers against C H R Corporation d/b/a Rutter’s (“Rutter’s”). The action arises out of Rutter’s failure to secure its point-of-sale system, which allowed hackers to compromise customers’ payment card information. The data breach is estimated to have lasted approximately eight months. Chief Judge John E. Jones, III of the U.S. District Court for the Middle District of Pennsylvania sustained several of Plaintiffs’ key claims, including negligence, breach of implied contract, and unjust enrichment. During discovery, Lowey Dannenberg successfully argued that Rutter’s must turn over investigative reports and communications prepared by third party consultants, which Rutter’s argued were protected by the attorney-client privilege and work product doctrine.
Lowey Dannenberg recently settled a class action against PrimoHoagies Franchising, Inc. (“PrimoHoagies”) arising out of the company’s deficient data security that exposed consumers’ personal data, including payment card information. The data breach is estimated to have lasted seven months, impacting dozens of locations across seven states.

Recognition

Are you the victim of a data breach?
LOWEY may be able to help.

Our attorneys can assist you with evaluating your claims when you are a victim of a data breach. This evaluation is free and of no cost to you. We only receive a legal fee if we file a case on your behalf and are able to recover compensation for you.

Free Case Evaluation