Earlier this month, the Eleventh Circuit, in Tsao v. Captiva MVP Restaurant Partners, LLC, No. 18-14959, 2021 WL 381948 (11th Cir. Feb. 4, 2021), affirmed the dismissal of a class-action lawsuit brought on behalf of patrons...more
The Situation: Relating to a 2012 data breach lawsuit against Zappos.com, a district court had found that a certain group of plaintiffs lacked standing to sue because they "failed to allege instances of actual identity theft...more
Every data breach class action in federal court must confront a threshold question: has the plaintiff alleged a sufficient “injury in fact” to establish Article III standing? The inquiry frequently focuses on whether a...more
The data breach at the U.S. Office of Personnel Management was one of the most serious and possibly one of the top ten largest data breaches of the 21st century, compromising background investigation records for some 22...more
On August 1, 2017, the D.C. Circuit handed down its decision in the data breach class action Attias v. CareFirst. In doing so, it became the latest federal appellate court to recognize that individual victims of a breach have...more
On May 23, 2017, the Fourth Circuit Court of Appeals issued its opinion on Wikimedia foundation v. NSA/CSS. The Court vacated and remanded the NSA’s previously successful motion to dismiss Wikimedia’s Fourth and First...more
A common and understandable concern of companies that suffer a data breach is whether the victims can sue the company. It is tempting to assume that the victims won’t sue if they do not suffer identity theft or monetary loss...more
In today’s world, as technology costs decrease and personal information becomes more valuable on the black market, data breaches have seemingly joined the ranks of death and taxes as certainties. Add to that litigation:...more
Following the Seventh Circuit’s recent decision in Lewert v. P.F. Chang’s China Bistro Inc., 2016 U.S. App. LEXIS 6766 (7th Cir. Ill. Apr. 14, 2016), many commentators quickly pronounced the Seventh Circuit fertile territory...more
How much does the question of harm matter in cybersecurity law? The answer is: It depends on who is bringing the claim. Businesses confronting data breaches can face litigation from private consumers as well as from...more
On appeal to the Seventh Circuit, a three-judge panel opinion written by Chief Judge Woods reversed the lower court. Remijas v. Neiman Marcus Group, LLC, No. 14-3122, 2015 WL 4394814, at *3 (7th Cir. July 20, 2015). The panel...more
On August 14, 2015, a class action was filed in the United States District Court for the District of Columbia on behalf of about 21.5 million federal employees, contractors, and job applicants whose personal information was...more
In January 2014, luxury retailer Neiman Marcus disclosed that it had suffered a cyberattack in which hackers may have gained access to 350,000 credit and debit cards used at its stores in late 2013. Plaintiffs, all of whom...more
In an unusual turn for recent data breach class action cases, the Seventh Circuit this week found that a likely threat of identity theft is sufficient for a proposed class to have standing to sue Nieman Marcus for a...more
On May 4, 2015, a US District Court judge in the Eastern District of Louisiana dismissed a class action lawsuit that sought damages from eBay based on the “threat of future harm” stemming from the online retailer’s 2014 data...more
In Clapper v. Amnesty International USA, 133 S. Ct. 1138 (2013), the Supreme Court recently held that individuals claiming injury from the federal government’s right to conduct electronic surveillance under the Foreign...more