As predicted, the start of 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments during 2018. This past month alone, in a blizzard of activity, regulators amended regulations and...more
In recent years, the insurance and financial services industries have been targets of high profile data breaches. The breached companies – themselves the victims of cyberattacks – often face putative class actions by...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the Identity Theft Research Center's findings on data breaches in 2017, the U.S. Supreme Court's denial of certiorari that leaves in place the circuit...more
Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more
Counsel hoping for Supreme Court guidance on standing issues dividing the circuit courts will have to wait a bit longer. On February 20, the Court denied a petition for writ of certiorari in Attias v. CareFirst to resolve a...more
Cisco is warning customers using its Adaptive Security Appliance (ASA) software about a virtual private network (VPN) bug that could "allow an unauthenticated, remote attacker to cause a reload of the affected system or to...more
In October 2017, healthcare insurer, CareFirst, petitioned the United States Supreme Court, requesting the Court to clarify the constitutional standing requirement for plaintiffs seeking to bring claims regarding their...more
At its first conference this month, the U.S. Supreme Court will consider whether to weigh in on a Circuit split over standing to sue in the aftermath of a data breach. ...more
The U.S. Supreme Court on Monday denied the petition for certiorari seeking review of the U.S. Court of Appeals for the Ninth Circuit's most recent decision in Spokeo v. Robins (Spokeo II), foregoing an opportunity to clarify...more
As 2017 draws to a close, data breach class actions abound, while questions regarding what suffices for Article III standing in these cases remain—with litigants hoping the Supreme Court will soon weigh in....more
The biggest question looming over every class-action case filed in response to a data breach is: Will the plaintiffs have standing? The answer has divided courts in recent cases across the country....more
In the latest sign that data breach class actions are here to stay—and, indeed, growing—the D.C. Circuit resuscitated claims against health insurer CareFirst BlueCross and Blue Shield, following a 2015 breach that compromised...more
A recent federal appellate decision suggests that it might be getting easier for cyberattack plaintiffs to establish standing in a manner sufficient to survive a motion to dismiss. According to the U.S. Court of Appeals for...more
Much to the dismay of companies, on August 1, 2017, the U.S. Court of Appeals for the D.C. Circuit made it easier for plaintiffs, and their attorneys, to bring class action data breach cases. In Attias v. CareFirst, Inc.,...more
Recently, the D.C. Circuit Court of Appeals ruled in Attias v. CareFirst, Inc., No. 16-7108, that customers had standing to sue a health insurer for a 2014 data breach in which the customers’ information was stolen. ...more
The U.S. Court of Appeals for the D.C. Circuit has held that allegations of a heightened risk of future identity theft resulting from a data breach established a concrete injury at the pleading stage....more
We have previously reported on the evolving circuit split over standing in data breach class actions. On August 1st, a three judge panel for the District of Columbia Circuit became the latest to weigh in on the issue. In...more
A federal appeals court earlier this week dealt a blow to healthcare insurer CareFirst, Inc., concluding that a group of customers have the right to pursue a class action data breach lawsuit based on a 2014 cyberattack....more
The U.S. Court of Appeals for the D.C. Circuit has reinstated a data breach class action filed against CareFirst BlueCross BlueShield (CareFirst). The lawsuit stems from a June 2014 data breach in which hackers infiltrated 22...more
The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more
The United States District Court of Maryland recently dismissed a putative class action alleging that CareFirst’s failure to adequately secure the computer hardware storing their customers’ personal information led to two...more
Not to be left out, plaintiffs filed suit against CareFirst BlueCross Blue Shield late last week for the hacking incident the insurer suffered in May, which resulted in unknown intruders gaining access to names, dates of...more
On May 20, 2015, CareFirst BlueCross BlueShield (“CareFirst”) announced that it was the latest victim of a major cyberattack, with as many as 1.1 million plan customers affected. Current and former CareFirst members and...more
CareFirst, a Blue Cross Blue Shield plan serving the Washington D.C. metro area, became another in a line of health insurers to suffer a data breach as a result of hackers. CareFirst and the FBI are examining the breach...more
Following in the footsteps of Anthem and Premera, CareFirst, a Blue Cross Blue Shield plan servicing customers in Maryland, Washington, D.C. and Virginia announced yesterday that it too has been the victim of a...more