David Berger

David Berger


(510) 350-9713

David Berger represents consumers in class action lawsuits with a special emphasis on data breach, privacy, and financial services litigation. With broad technical and IT expertise, David is widely regarded as a leader in the emerging fields of data breach and privacy law. His substantive technical knowledge ranges from hacking techniques and cybersecurity controls to industry standard IT practices, information security frameworks, and auditing processes.  This unique background positions him to understand and sift through the relevant technical aspects of a case, competently interface with corporate IT executives, and negotiate settlement agreements that incorporate meaningful changes to business practices, all of which are critically important to ensure consumers’ data is appropriately protected.

Wonderful experience with everyone at Gibbs Law Group! Kept me in the loop as the case was progressing and were always available and willing to answer any questions.

- Elizabeth D.

[David Berger has] especially strong expertise in handling data breach class action litigation.

- United States District Judge, Northern District of California

  • California
  • awards+

    Super Lawyer, Northern California Super Lawyers, 2021-2023

    Rising Star, Northern California Super Lawyers, 2016-2018

    Certificate of Recognition, American Association for Justice, 2022

    • J.D., Northwestern University School of Law, 2008
    • B.A., University of Wisconsin, Madison, 1998
    • American Association for Justice’s Consumer Privacy and Data Breach Litigation Group (Former Chair)
    • Member, Sedona Conference’s Working Group on Data Security and Privacy Liability
    • Co-Chair, Sedona Conference’s WG11 Brainstorming Group “Exploring Greater Efficiencies in Data Breach and Privacy Class Action Litigation”
    • Consumer Attorneys of California
    • National Civil Justice Institute
    Presentations & Articles+

    Cybersecurity Issues Affecting Health Benefit Plans

    U.S. Department of Labor, Advisory Council on Employee Welfare and Pension Benefit Plans

    July 20, 2022

    Internet Data Accumulation and Protection

    Pound Civil Justice Institute, The Internet and the Law: Legal Challenges in the New Digital Age

    November 6-7, 2021

    Facial Recognition Technology Bans

    The Sedona Conference, Annual Meeting of Working Group 11 on Data Security and Privacy Liability

    April 14-15, 2021

    Privacy and Data Breach Class Actions

    Western Alliance Bank Class Action Law Forum 2020

    March 4-5, 2020

    Communicating With The Class

    Class Action Mastery Forum

    January 2019

    Hot Topics in Consumer Class Actions Against Insurers: Filed Rate Doctrine, Standing, and Reverse Preemption of RICO Claims

    Sacramento California Insurance Regulation and Litigation Seminar, Clyde & Co.

    March 2018

    Winning strategies in privacy and data security class actions: the plaintiffs' perspective

    Berkeley Center for Law & Technology, Boalt Hall School of Law

    January 2017

    Don’t be Spokeo’d: What You Need to Know in Litigating Data Breach Cases (from breach to remedies)

    ABA Business Law Section Annual Meeting

    September 2016

    Developments in ‘E-Commerce’ Class Actions and Privacy Law

    Perrin Class Action Litigation Conference

    May 2016

    Data Breach Class Action Litigation

    Mass Torts Made Perfect Conference

    April 2016

    Defenses in Data Breach Litigation and Cases Against Responsible Third Parties

    HB Litigation Data Breach and Privacy Litigation Conference

    February 2016

    Pleading and Litigation Consumer Data Breach Cases

    Consumer Attorneys of California Hawaii Travel Seminar

    December 2015

    Involved in Largest Nationwide Data Breach and Privacy Cases

    David has represented data breach and privacy victims in some of the largest and most influential privacy cases throughout the country, including litigation against Equifax, Anthem, Adobe, Banner Health, and Excellus BlueCross BlueShield.

    Equifax: Due to his technical experience, he played a significant role in the Equifax settlement negotiations, winning an historic $1.5 billion on behalf of 147 million consumers whose Social Security numbers and other private data were exposed in a 2017 breach.

    Anthem: In the Anthem Data Breach case, David led a team of 40 attorneys tasked with demonstrating the flaws in Anthem’s cybersecurity.  In just 6 months, Plaintiffs reviewed millions of pages of documents and took or defended 200 depositions. David then led the injunctive relief negotiations, obtaining hundreds of millions of dollars in improved security controls to protect class members’ data.

    Outside of his litigation experience, David is an active member of the class action legal community. He is the former chair of the American Association for Justice’s Consumer Privacy and Data Breach Litigation Group.  He is also an active member of The Sedona Conference’s Working Group on Data Security and Privacy Liability, which identifies and comments on trends in data security and privacy jurisprudence to move the law forward in a reasoned and just way.  David was a member of The Sedona Conference’s Biometric Security Brainstorming Group, and was recently selected to be a part of the Breach Notification Statutes Brainstorming Group. David also is frequently invited to present at conferences and symposia on information security and privacy issues and consumer class actions.

    Litigation Highlights

    In re Equifax, Inc. Customer Data Security Breach Litigation

    In securing what was described by the court as “the largest and most comprehensive recovery in a data breach case in U.S. history by several orders of magnitude,” David played an integral role by negotiating key business practice changes including overhauling Equifax’s handling of consumers’ personal information and data security and requiring that the company spend at least $1 billion for data security and related technology over five years in addition to comprehensive technical and governance reforms.

    In re Anthem, Inc. Data Breach Privacy Litigation

    Key member of the litigation team representing interests of plaintiffs and putative class members following massive data breach of approximately 80 million personal records, including names, dates of birth, Social Security numbers, health care ID numbers, email and physical addresses, employment information, and income data.

    In re Banner Health Data Breach Litigation

    Key member of the litigation team representing up to 3.7 million people whose personal health and other sensitive information were exposed in a large-scale 2016 data breach. Played instrumental role in negotiating terms of the settlement, including two years of credit monitoring protections, cash payments for each class member up to $10,000, and robust changes to future business practices.

    In re Equifax, Inc. Fair Credit Reporting Act Litigation

    Court-appointed Interim Co-lead counsel in ongoing litigation against Equifax related to the company reporting inaccurate credit information on approximately 2.5 million Americans who applied for mortgages, loans, and credit cards between March 17 and April 6, 2022.

    Smallman v. MGM Resorts International

    Interim Co-lead Counsel in ongoing litigation against MGM, following the 2020 data breach in which the personal data of 10.6 million MGM customers was stolen and posted on underground hacking forums.

    In re Sequoia Benefits Data Breach Litigation

    Court-appointed Interim Class Counsel in ongoing litigation against Sequoia Benefits regarding the 2022 data breach which exposed and compromised the sensitive information of numerous employees, including Social Security numbers, member IDs, and wage data.