11th Circuit: No Standing for Risk of Future Harm from Identity Theft

Weiner Brodsky Kider PC

Weiner Brodsky Kider PC

The U.S. Court of Appeals for the Eleventh Circuit recently held that a plaintiff does not have an actual injury sufficient to establish standing to sue based merely on an increased risk of future identify theft or efforts to mitigate such risk. The Eleventh Circuit joins the Second, Third, Fourth, and Eighth Circuits that have also declined to find standing on those facts.

In the underlying case, the defendant’s data had been breached and a hacker gained access to customer names and credit card information. When the defendant learned of the breach, it notified customers that their personal information may have been accessed. Due to the nature of the breach, the defendant could not determine exactly what information had been compromised. The plaintiff had two credit card accounts that may have been accessed, and he cancelled them after learning of the possible breach.

The plaintiff filed a putative class action in the U.S. District Court for the Middle District of Florida, bringing claims under contract law, negligence, and consumer protection law. The plaintiff alleged various injuries, including theft of personal financial information, unauthorized charges to debit and credit card accounts, and ascertainable losses associated with card benefits. He further alleged that he and the putative class members were at an increased risk of harm from identify theft and fraud that required them to expend time and resources to mitigate such harm.

The defendant moved to dismiss the complaint, in part, for failure to show standing under Article III of the Constitution, because the plaintiff did not identify a single incident involving identify theft or fraud that resulted in actual injury. In response, the plaintiff pointed to three types of alleged injuries: lost cash back or reward points, lost time spent addressing the breach, and restricted card access due to card cancellations. The district court dismissed the complaint for lack of standing. On appeal, the plaintiff argued that he had standing to bring the action because of the possibility of future injury as a result of the breach, as well as based on the other types of injuries that he alleged.

The Eleventh Circuit affirmed the dismissal, finding that the plaintiff lacked standing under Article III. To show standing, a plaintiff must have suffered an injury in fact, the injury must be fairly traceable to the alleged conduct of the defendant, and the injury is one that is likely to be redressed by a favorable judicial decision. The court of appeals held that a plaintiff who alleges a threat of harm does not have standing unless the hypothetical harm alleged is certainly impending or there is a substantial risk of such harm. A plaintiff could not manufacture standing by inflicting harm on itself to mitigate a perceived risk. The court found that the plaintiff did not show that there was a substantial risk of identity theft because no social security numbers, birth dates, or driver’s license numbers were compromised in the breach, and the information that may have been accessed was not enough to commit identity fraud. It found the risk of unauthorized purchases on the card accounts that may have been accessed to be minimal. It also denied standing based on the plaintiff’s efforts to mitigate the risk of identity theft because there was no substantial risk of it occurring.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Weiner Brodsky Kider PC | Attorney Advertising

Written by:

Weiner Brodsky Kider PC

Weiner Brodsky Kider PC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.