Data breach litigation targets wine company: Lessons for alcohol industry players – McDermott Will & Emery

On July 30, 2025, a wine producer was sued in connection with a cyberattack that allegedly compromised the data of at least 26,000 customers. Among other things, the complaint alleges that the company failed to implement reasonable security measures and failed to provide timely and sufficient notice of the data breach.
This incident underscores the vulnerability of companies handling sensitive customer information. Alcohol companies – especially those selling direct to consumer – collect and store high-value personal data to verify age, process payments, manage memberships, and ship products across state lines. This case highlights the need for alcohol companies to evaluate and strengthen their cybersecurity and privacy programs today to minimize legal risk and reputational harm tomorrow.
On July 30, 2025, Plaintiff Joanne Kaplan filed a class action complaint in California Superior Court in Napa County against Crimson Wine Group, Ltd. (CWG). The complaint alleges that a cyberattack between June 26 and June 30, 2024, compromised the personal data of at least 26,000 CWG customers, including names, addresses, Social Security numbers, driver’s license numbers, financial information, medical information, and dates of birth. CWG sent data breach notices to affected individuals and state regulators (including the Texas and Vermont attorneys general) on or about December 13, 2024.
Key allegations include:
If you need help reducing your litigation risk, please contact Alva Mather.
Related sites:
Schulte    McDermott+   Farragut Square Group
Attorney Advertising
© 2025 McDermott Will & Schulte

source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.