Wrigley Field, home of the Chicago Cubs
CHICAGO - The Chicago Cubs and their security contractors are accused in new lawsuits of illegally using face-scanning technology at Wrigley Field this season, allegedly violating Illinois’ stringent biometrics privacy law, with potentially hundreds of millions or even billions of dollars at stake.
On Sept. 15, Gabriel Berta filed a class action alleging violation of the Illinois Biometric Information Privacy Act. In addition to the Cubs, he named as defendants Blue Star Security, of Rosemont, and Security Services Holdings, which does business as Protos Security. He is represented by Blake Hunter Yagman, of the New York firm Spiro Harrison & Nelson.
Two days later, Jill Lichte also filed a complaint in federal court in Chicago against the same defendants. She is represented by Samuel Strauss, of Strauss Borrelli, Chicago. The cases since have been consolidated with the attorneys appointed to serve as co-lead counsel as the action proceeds.
“The Chicago Cubs unlawfully surveil guests to Wrigley Field; and, for both visitor and employee protection, use a complex apparatus consisting of software, employee training and hardware,” according to Berta’s complaint. “Wrigley Field deploys mass surveillance inclusive of facial recognition.”
Berta attended the July 4 game as a guest of another ticket holder. Lichte said she also attended as a guest, including on May 25 and Aug. 17.
According to the plaintiffs, the Cubs started using facial recognition technology in 2021. They said the team now uses Protos’ proprietary facial scanning software on Wrigley Field patrons but don’t comply with BIPA’s requirements to obtain informed written consent to collect such images, nor does the team provide its policies on data retention and destruction.
The plaintiffs said Blue Star employs more than 850 active and retired police officers. Southfield Capital, a Connecticut private equity firm, owns Protos and acquired Blue Star in September 2022. The lawsuits claim the “advanced digital security procedures” allow the Cubs and their contractors to enhance security for visitors to Wrigley Field without hiring additional security workers, and help the team reduce shoplifting at stadium stores.
Under the BIPA law, plaintiffs are allowed to demand damages of $1,000 or $5,000 per alleged violation. Under Illinois law, a violation is defined as the first time a person's biometrics are scanned, allegedly without authorization.
The Chicago Cubs regularly rank among Major League Baseball's most popular teams, as measured by fan attendance at Wrigley Field.
Since 2022, the Cubs have sold at least 2.6 million tickets per season, including 2.9 million in 2024. As of Sept. 22, the Cubs had sold nearly 2.8 million tickets during the 2025 season.
It is not publicly known how many of those fans attended multiple games at Wrigley Field in that span.
However, damage claims could quickly climb into the hundreds of millions or even billions of dollars, when multiplying BIPA's allowed per violation damages across, conservatively, hundreds of thousands of individual fans.
The complaints cited Blue Star’s written materials about its stadium security protocol and noted the Cubs hired Genetec before the 2023 season to install a new control center and deploy various hardware and software products. Both complaints quoted Doug Lindsay, the team’s vice president of security, who said “in the past, our security team would have a bunch of different platforms up concurrently. They’d have to know how to find information quickly. On a busy game day, when (we are) managing many different situations, that’s hard work. With (Genetec) Security Center, all that information is coming into one platform, so they can see what’s happening and focus exclusively on the tasks at hand. We’re definitely seeing a higher level of efficiency across our team.”
While Major League Baseball has a privacy policy, which includes a data deletion clause applicable to Illinois residents, the plaintiffs allege the policy isn’t given to Wrigley Field attendees and also doesn’t require written consent before collecting and biometric data. They further allege Wrigley’s own privacy policy doesn’t have any disclosures about collection of personal information.
In addition to the alleged BIPA violations, the complaints claim the “secretive collection, retention and use of biometric information demonstrates that the defendants violate Section 5 of the Federal Trade Commission Act — which protects against deceptive and unfair trade practices.”
They also claimed violations of the Illinois Consumer Fraud Act and alleged unjust enrichment. In addition to class certification, the plaintiffs seek damages and a court order requiring compliance with BIPA regulations, which they said would exceed $5 million. They further alleged the defendants fraudulently concealed their BIPA violations in a manner that would harness statutory limitations that might affect which patrons could be added to the class.
