On April 26, 2021, the Second Circuit considered—for the first time in a published decision—the question of Article III standing in the context of a data security case. In McMorris v. Carlos Lopez & Associates LLC, the court...more
Since the Supreme Court’s decision in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), courts have grappled with what constitutes a sufficient injury in fact to satisfy Article III standing requirements. Predominant Issues...more
On February 4, 2021, the Eleventh Circuit became the latest federal court of appeals to weigh in on a question that has divided the circuits: whether a plaintiff has standing to sue in a data breach case based on an alleged...more
Earlier this month, the Eleventh Circuit, in Tsao v. Captiva MVP Restaurant Partners, LLC, No. 18-14959, 2021 WL 381948 (11th Cir. Feb. 4, 2021), affirmed the dismissal of a class-action lawsuit brought on behalf of patrons...more
In a ruling of first impression, the United States District Court for the Northern District of Texas dismissed for lack of Article III standing a Helms-Burton Act lawsuit alleging that American Airlines "trafficked" in...more
The Situation: Relating to a 2012 data breach lawsuit against Zappos.com, a district court had found that a certain group of plaintiffs lacked standing to sue because they "failed to allege instances of actual identity theft...more
Every data breach class action in federal court must confront a threshold question: has the plaintiff alleged a sufficient “injury in fact” to establish Article III standing? The inquiry frequently focuses on whether a...more
The data breach at the U.S. Office of Personnel Management was one of the most serious and possibly one of the top ten largest data breaches of the 21st century, compromising background investigation records for some 22...more
On August 1, 2017, the D.C. Circuit handed down its decision in the data breach class action Attias v. CareFirst. In doing so, it became the latest federal appellate court to recognize that individual victims of a breach have...more
On May 23, 2017, the Fourth Circuit Court of Appeals issued its opinion on Wikimedia foundation v. NSA/CSS. The Court vacated and remanded the NSA’s previously successful motion to dismiss Wikimedia’s Fourth and First...more
Early in May, the U.S. Court of Appeals for the Second Circuit in Whalen v. Michaels Stores, Inc., No. 16-260 (L) (2d Cir. May 2, 2017), affirmed the dismissal of a data breach class action brought against Michaels Stores...more
The United States Court of Appeals for the Third Circuit recently ruled that a data breach class action may proceed on the basis of a Fair Credit Reporting Act (FCRA) violation alone, even where the putative class members do...more
A common and understandable concern of companies that suffer a data breach is whether the victims can sue the company. It is tempting to assume that the victims won’t sue if they do not suffer identity theft or monetary loss...more
In today’s world, as technology costs decrease and personal information becomes more valuable on the black market, data breaches have seemingly joined the ranks of death and taxes as certainties. Add to that litigation:...more
On October 12, 2016, the U.S. Court of Appeals for the Sixth Circuit denied a petition for an en banc rehearing of its September 12 decision in Galaria, et al. v. Nationwide Mutual Insurance Company (Nos. 15-3386/3387). In...more
In its recent decision in Galaria v. Nationwide Mut. Ins. Co., no. 15-3386 (6th Cir. Sept. 12, 2016). Co., No. 15-3386 (6th Cir. Sept. 12, 2016), a divided Sixth Circuit panel held that plaintiffs had standing to assert...more
Following the Seventh Circuit’s recent decision in Lewert v. P.F. Chang’s China Bistro Inc., 2016 U.S. App. LEXIS 6766 (7th Cir. Ill. Apr. 14, 2016), many commentators quickly pronounced the Seventh Circuit fertile territory...more
On April 14, 2016, the Seventh Circuit held in Lewart v. P.F. Chang’s that customers who may have had personal information compromised in a P.F. Chang’s data breach have standing, at the motion-to-dismiss stage, to sue the...more
The data breach class action lawsuit filed against grocery store retail chain SuperValu Inc. (“SuperValu”) was put on the shelf by the U.S. District Court for the District of Minnesota on January 7, 2016. The plaintiffs...more
How much does the question of harm matter in cybersecurity law? The answer is: It depends on who is bringing the claim. Businesses confronting data breaches can face litigation from private consumers as well as from...more
New decisions from two federal courts may allow defendants in data breach class action litigation to breathe somewhat easier, following a run of adverse decisions last year. These decisions illustrate an emerging trend of...more
The arts and crafts retail chain Michael Stores Inc. (“Michaels”) received a late holiday gift in the form of a dismissal of a data breach class action lawsuit. On December 28, 2015, the U.S. District Court for the Eastern...more
Last week, the government of Australia released an “Exposure Draft” of a bill that, if passed into law, would amend Australia’s Privacy Act to require notification to the government and affected individuals in the event of a...more
The decision does not change the law on what is necessary to prove standing, although it does reinforce the notion that a plaintiff will have standing if he or she can allege a concrete injury. In the latest in a slew of...more
A federal judge in Pennsylvania has allowed a data breach class action against Coca-Cola and several bottling companies to proceed, finding that the plaintiff has Article III standing even though he had left Coca-Cola’s...more