European antitrust authorities have delivered a stinging rebuke to Google in the form of a $5.1 billion penalty over its Android operating system practices. The sum displaces last year’s $2.7 billion fine, also against...more
The U.S. Court of Appeals for the Third Circuit has found that plaintiffs must show a causal connection between the theft of their personal information and the purported harm that they have suffered in order to survive a...more
The U.S. Court of Appeals for the Fourth Circuit has found that allegations that fraudsters used the personal information of data breach victims are sufficient to establish standing even without any fraudulent charges...more
Despite some courts’ evident confusion about the impact of payment card theft on consumer cardholders, other courts are getting it right. Just this week, a judge in the Northern District of Illinois issued an order dismissing...more
This week, the U.S. Court of Appeals for the Second Circuit issued an important decision in Whalen v. Michaels Stores, placing the court at the center of the controversy around what allegations are sufficient to establish...more
In the latest decision on Article III standing in a data breach case, the U.S. Court of Appeals for the Second Circuit ruled that a credit card holder – who neither pleaded specific facts about the time or effort spent...more
When data thieves steal payment card data, consumers suffer no legally cognizable injuries. Card issuers absorb the fraudulent charges and replace the affected cards. Because fraudulent charges are not billed to consumers,...more
I’ve previously blogged about a new breed of data breach class actions filed by financial institutions against retailers (as opposed to customers suing retailers). In these cases, financial institutions claim that retailers...more
A federal judge in Illinois dismissed the class action lawsuit filed against Barnes & Noble stemming from a data breach in 2013. The breach occurred when credit and debit card PIN pads were compromised at 63 Barnes & Noble...more
Kimpton Hotels and Restaurants has announced that it is investigating a point-of-sale credit and debit card breach affecting approximately two dozen of its properties in the U.S....more
The computer network of a Five Guys Burger franchise, RVST Holdings, LLC (RVST), was hacked. Customers’ credit card information was stolen and used to make numerous fraudulent charges. Trustco Bank brought an action against...more
Wendy’s suffered a data breach in the fall of 2015 that it recently reported affected one particular point of sale system at fewer than 300 restaurants. Wendy’s has already been sued as a result of the incident, including a...more
KrebsOnSecurity has reported that sources from the banking industry have advised of a pattern of fraud on credit cards used at Trump Hotel Collection (Trump) properties. Trump has confirmed that it is investigating the...more
We wrote about Wendy’s investigation into a data breach at its chain restaurants at the beginning of January, and now Wendy’s faces a class action over that same breach. The suit claims that Wendy’s negligently exposed...more
On January 7, 2016, the U.S. District Court for the District of Minnesota dismissed for lack of standing the consolidated data breach complaint filed by consumers against SuperValu, Inc., AB Acquisition, LLC, and New...more
Hundreds of Quincy Credit Union (Massachusetts) customers reported that unauthorized ATM withdrawals were made from their accounts over the holiday weekend. Officials now believe that skimmers were placed on ATM machines in...more
The National Association of Insurance Commissioners (“NAIC”) continued its efforts to advance cybersecurity in the insurance industry when it recently adopted the Cybersecurity Bill of Rights. The Cybersecurity Bill of Rights...more
The decision does not change the law on what is necessary to prove standing, although it does reinforce the notion that a plaintiff will have standing if he or she can allege a concrete injury. In the latest in a slew of...more
A federal judge in Pennsylvania has allowed a data breach class action against Coca-Cola and several bottling companies to proceed, finding that the plaintiff has Article III standing even though he had left Coca-Cola’s...more
It has been reported that Hilton Hotel Properties (Hilton), including Embassy Suites, Doubletree, Hampton Inn and Suites and Waldorf Astoria is investigating credit card fraud alerts from banks, which have been alerted by...more
On appeal to the Seventh Circuit, a three-judge panel opinion written by Chief Judge Woods reversed the lower court. Remijas v. Neiman Marcus Group, LLC, No. 14-3122, 2015 WL 4394814, at *3 (7th Cir. July 20, 2015). The panel...more
Attorneys for certain banks and other financial institutions that are caught up in Target’s 2013 data breach are objecting to the $67 million deal struck last week between the retailer and Visa Inc. The banks and credit...more
Although Target has tentatively settled consumer data breach class action claims, the retailer remains in the crosshairs of the plaintiffs’ class action bar. On September 15, a Minnesota federal district court certified a...more
Companies can be fined by the federal government for failing to properly safeguard consumer data, according to a decision this week by Pennsylvania's federal appellate court....more
Since at least 2005, the Federal Trade Commission has asserted that it may regulate lax data security practices as an “unfair” business practice under Section 5 of the FTC Act. The Wyndham hotel chain was the first to...more