Fri, Nov 5, 2021

Examining a Data Breach Class Action with Multiple Types of Claims

Data Breach Class Action with Multiple Types of Claims

Hutton v. National Board of Examiners in Optometry, Inc., Case no. 1:16-cv-03025-JKB (District Court of Maryland)

In the summer of 2016, an alleged data security breach occurred at the National Board of Examiners in Optometry, Inc. (NBEO). Every optometry student had to submit personal information to NBEO to sit for certifying exams, and the NBEO retained that information for the credentialing of optometrists that moved from state to state. The Plaintiffs alleged they had been the victims of identity fraud after their personal information was compromised by a data breach of NBEO’s data systems.

This was a common fund settlement in which the NBEO agreed to pay a total of $3.25 million.

Administration Setup

Data breach and privacy settlements require significant planning and consideration to successfully navigate and aid class members through their options.

Prior to sending notice to class members, our team built a settlement website with functionality for class members to use an online claim form that allowed for narrative descriptions and the ability to upload supporting documents. We also trained live operators and set up an interactive voice response (IVR) system.

In addition to the mailed and emailed notice, our media team employed a targeted social media notice campaign on Facebook and Instagram, placed e-newsletter display banner ads with the American Optometric Association and the Canadian Association of Optometrists, and issued a PR Newswire press release.


We mailed an 18-page notice package to approximately 61,000 class members. The package included a 12-page notice and a 6-page claim form. Class members could complete and return their paper claim form or file a claim on the settlement website. Email notice was also sent to class members, including a link directly to the NBEO settlement website.

Every mailed and emailed notice contained each class member’s unique class member ID. By requiring a unique class member ID to access the online claim form, the risk of fraudulent claims was greatly reduced.

Three Different Types of Claims

Class members could claim three different types of compensation in this settlement:

  • Reimbursement for out-of-pocket losses up to $7,500: Claimants were required to identify the type of loss, the approximate date(s) of the loss, the amount lost and provide supporting documentation.
  • Attested time: This compensated for time spent remedying issues related to the data breach at $25 per hour. Claimants could claim up to 20 hours by providing a brief description of actions taken in response to the data breach; no documentation was required. Claimants could claim up to 40 hours by providing a detailed description of the actions taken in response to the data breach and any available documentation of fraud and/or identity theft that made this expenditure of time necessary. Claims for attested time were capped at $1,000.
  • Three-bureau credit monitoring: This entitled claimants to three years of three-bureau credit monitoring.

In addition, all class members received identity restoration services without needing to file a claim.

Complex Claims Processing

We received 611 paper claim forms and 5,750 online claim forms, for a total of 6,364 claims received. Our team reviewed the detailed six-page claim forms and supporting documents for completeness. The claim form required claimants to provide multiple narrative descriptions in support of their claims for attested time and out-of-pocket losses. If a claim form contained a deficiency, a deficiency letter was mailed offering the claimant 30 days to cure the deficiency, and we assisted claimants in resolving their deficiencies. 


We mailed 4,566 checks. Claimants who did not cash their checks within a certain amount of time were mailed letters reminding them to cash their checks and to contact us for replacement checks if needed. Through these efforts, we were able to successfully distribute over 98% of the net settlement fund.

We emailed 4,882 credit monitoring codes and mailed 552 credit monitoring codes to those class members for whom we did not have an email address.

By the Numbers
  • Fund distribution: 98%
  • Notice packages mailed: 60,970
  • Notice packages emailed: 34,100
  • Objections: 0
  • Exclusions:16
  • Contact center calls received: over 1,100
  • Settlement website visits: over 30,000
  • Total claims: 6,361
  • Out of pocket claims: 900
  • Attested time claims: 4,547
  • Credit monitoring claims: 5,434


In response to this sensitive alleged data breach, our team worked to efficiently notify class members of their rights and options. With a carefully planned notice program, thoroughly trained contact center staff, and a secure settlement website built to handle multiple types of claims and supporting documents, we successfully processed over 6,000 complex lengthy claim forms.

Settlement Administration

Kroll is the leader in complex settlement administration providing end-to-end expertise for class actions, mass torts, and regulatory and government administrations.