David Berger represents consumers in class action lawsuits with a special emphasis on data breach, privacy, and financial services litigation. With broad technical and IT expertise, David is widely regarded as a leader in the emerging fields of data breach and privacy law. His substantive technical knowledge ranges from hacking techniques and cybersecurity controls to industry standard IT practices, information security frameworks, and auditing processes. This unique background positions him to understand and sift through the relevant technical aspects of a case, competently interface with corporate IT executives, and negotiate settlement agreements that incorporate meaningful changes to business practices, all of which are critically important to ensure consumers’ data is appropriately protected.
Involved in Largest Nationwide Data Breach and Privacy Cases
David has represented data breach and privacy victims in some of the largest and most influential privacy cases throughout the country, including litigation against Equifax, Anthem, Adobe, Banner Health, and Excellus BlueCross BlueShield.
Equifax: Due to his technical experience, he played a significant role in the Equifax settlement negotiations, winning an historic $1.5 billion on behalf of 147 million consumers whose Social Security numbers and other private data were exposed in a 2017 breach.
Anthem: In the Anthem Data Breach case, David led a team of 40 attorneys tasked with demonstrating the flaws in Anthem’s cybersecurity. In just 6 months, Plaintiffs reviewed millions of pages of documents and took or defended 200 depositions. David then led the injunctive relief negotiations, obtaining hundreds of millions of dollars in improved security controls to protect class members’ data.
David holds the Certified Information Privacy Technologist (CIPT) certification through the International Association of Privacy Professionals, which is a program primarily designed for career technology professionals and not by attorneys.
Outside of his litigation experience, David is an active member of the class action legal community, He is the chair of the American Association for Justice’s Consumer Privacy and Data Breach Litigation Group. He is also an active member of The Sedona Conference’s Working Group on Data Security and Privacy Liability, which identifies and comments on trends in data security and privacy jurisprudence to move the law forward in a reasoned and just way. David was a member of The Sedona Conference’s Biometric Security Brainstorming Group, and was recently selected to be a part of the Breach Notification Statutes Brainstorming Group. David also is frequently invited to present at conferences and symposia on information security and privacy issues and consumer class action.
In securing what was described by the court as “the largest and most comprehensive recovery in a data breach case in U.S. history by several orders of magnitude,” David played an integral role by negotiating key business practice changes including overhauling Equifax’s handling of consumers’ personal information and data security and requiring that the company spend at least $1 billion for data security and related technology over five years in addition to comprehensive technical and governance reforms.
Key member of the litigation team representing interests of plaintiffs and putative class members following massive data breach of approximately 80 million personal records, including names, dates of birth, Social Security numbers, health care ID numbers, email and physical addresses, employment information, and income data.
Key member of the litigation team representing up to 3.7 million people whose personal health and other sensitive information were exposed in a large-scale 2016 data breach. Played instrumental role in negotiating terms of the settlement, including two years of credit monitoring protections, cash payments for each class member up to $10,000, and robust changes to future business practices.
Interim Co-lead Counsel in ongoing litigation against MGM, following the 2020 data breach in which the personal data of 10.6 million MGM customers was stolen and posted on underground hacking forums.