Accellion Data Breach Lawsuit Narrowed as California Judge Rejects Expanded Class Certification
On July 9, 2026, a federal judge in the U.S. District Court for the Northern District of California denied plaintiffs’ attempt to broaden class certification in a lawsuit against software vendor Accellion over a major data breach. The ruling upheld a prior decision limiting class members to nominal damages, despite the introduction of a new damages expert by the plaintiffs.
The case stems from a sprawling cybersecurity incident involving Accellion’s legacy file-transfer software, which exposed sensitive data across multiple organizations. While the plaintiffs sought to expand the scope of recoverable damages, the court determined that the new expert testimony did not sufficiently alter the legal outcome.
The decision maintains the existing framework for the lawsuit, restricting compensation to symbolic amounts rather than broader financial or punitive damages. The ruling underscores the challenges plaintiffs face in securing expanded relief in data breach litigation, particularly when nominal damages are the primary avenue for recovery.
Source: https://www.law360.com/articles/2499334/accellion-defeats-bid-to-expand-classes-in-data-breach-suit
Accellion TPRM report: https://www.rankiteo.com/company/accelionway
"id": "acc1783657589",
"linkid": "accelionway",
"type": "Breach",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Multiple organizations',
'industry': 'Technology',
'location': 'United States',
'name': 'Accellion',
'type': 'Software Vendor'}],
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Sensitive data'},
'description': 'A federal judge in the U.S. District Court for the Northern '
'District of California denied plaintiffs’ attempt to broaden '
'class certification in a lawsuit against software vendor '
'Accellion over a major data breach. The ruling upheld a prior '
'decision limiting class members to nominal damages, despite '
'the introduction of a new damages expert by the plaintiffs. '
'The case stems from a sprawling cybersecurity incident '
'involving Accellion’s legacy file-transfer software, which '
'exposed sensitive data across multiple organizations.',
'impact': {'data_compromised': 'Sensitive data',
'legal_liabilities': 'Lawsuit with nominal damages',
'systems_affected': 'Accellion’s legacy file-transfer software'},
'post_incident_analysis': {'root_causes': 'Legacy software vulnerabilities'},
'references': [{'date_accessed': '2026-07-09',
'source': 'U.S. District Court for the Northern District of '
'California'}],
'regulatory_compliance': {'legal_actions': 'Lawsuit'},
'title': 'Accellion Data Breach Lawsuit Narrowed as California Judge Rejects '
'Expanded Class Certification',
'type': 'Data Breach',
'vulnerability_exploited': 'Legacy file-transfer software vulnerabilities'}