Consumer Finance Monitor Podcast Episode: Responding to Direct and Indirect Identity Theft Disputes Under the FCRA: What Are The Differences?
Torres Talks Trade Podcast Episode 9 on U.S. Customs and Border Protection's Global Business Identifier program
Phishing: Cybersecurity’s Biggest Threat
Digging Deeper, Episode 1: The Con Queen of Hollywood
Preserving Black History in Bucks County, PA, with Recorder of Deeds Robin Robinson: On Record PR
What is Consumer Fraud and What Deceptions are Employed?
What Companies Should Do to Prepare for Implementation of Cybersecurity Executive Order
The Third Circuit Court of Appeals has given new life to a putative class action suit led by a former employee of a company that suffered a ransomware attack, leading to her sensitive information being released onto the Dark...more
In McMorris v. Carlos Lopez & Associates, LLC, a data breach case, the Second Circuit held that plaintiffs may demonstrate standing based on a theory of “increased risk” of future identity theft or fraud following an...more
A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no...more
While some states have enacted privacy laws granting consumers the right to bring a private right of action in a data breach context, federal courts have struggled to fit data breach injury into traditional Article III...more
The 11th Circuit recently weighed in on the hottest issue is data breach litigation, whether a demonstration of actual harm is required to have standing to sue. Joining several other circuit courts, the 11th Circuit in Tsao...more
To sue in federal court, a plaintiff must allege an injury that the court can actually remedy, rather than just issuing an advisory opinion, and a connection between the defendant’s conduct and the actual injury. See...more
Last week, in Tsao v. Captiva MVP Restaurant Partners, LLC (Captiva), the U.S. Court of Appeals for the 11th Circuit held that data breach claims arising from increased risk of future identity theft and potential mitigation...more
The Georgia Supreme Court may weigh in on the hot issue plaguing data breach class action litigation across the nation, must a data breach victim suffer actual financial loss to recover damages, or is the threat of future...more
On June 21, 2019, the D.C. Circuit split with several other circuits in holding that alleging a heightened risk of identity theft following a data breach is enough to establish standing at the pleadings stage....more
In this month's edition of our Privacy & Cybersecurity Update, we examine New York's new laws expanding consumer protection for data breaches, the D.C. Circuit's two rulings deepening the split regarding standing in data...more
Last Friday we blogged on the Saks data breach class action, and in the process mentioned a trend among federal courts to reject fear of future identity theft claims in retail breach cases. ...more
Over the past few years, there has been a surge in class actions challenging companies’ privacy and data security practices. But, while the number of class actions continues to grow, the suits face several significant...more
The Fourth Circuit’s 2017 decision in Beck v. McDonald held that the mere fear of identity theft in the wake of a data breach was insufficient to confer Article III standing. ...more
The U.S. Court of Appeals for the Fourth Circuit has found that allegations that fraudsters used the personal information of data breach victims are sufficient to establish standing even without any fraudulent charges...more
The Situation: Relating to a 2012 data breach lawsuit against Zappos.com, a district court had found that a certain group of plaintiffs lacked standing to sue because they "failed to allege instances of actual identity theft...more
On March 8, a Ninth Circuit panel held that fear of identity theft in the wake of a data breach satisfies the standing requirements of Article III of the United States Constitution....more
The U.S. Court of Appeals for the Ninth Circuit has found that allegations of a future risk of identity theft resulting from a data breach are sufficient to establish standing....more
In this month's edition of our Privacy & Cybersecurity Update, we examine the Identity Theft Research Center's findings on data breaches in 2017, the U.S. Supreme Court's denial of certiorari that leaves in place the circuit...more
A circuit split on whether actual misuse of personal data is required to have standing to assert data breach claims remains unresolved. Last week the Supreme Court rejected a petition to review that issue in CareFirst v....more
Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more
By now, most everyone has heard it from a friend who, heard it from a friend who, heard it from another about the U.S. Supreme Court’s 2016 decision in Spokeo, Inc. v. Robins. It is the case being cited across the country in...more
We previously reported on the developing circuit split over Article III standing in data breach class action cases. In August, the D.C. Circuit Court joined the Sixth, Seventh, and Ninth Circuits in finding that the...more
The U.S. Court of Appeals for the Eighth Circuit has become the latest appellate court to enter the contested debate over Article III standing in data breach litigation. The Eighth Circuit held that 15 of 16 named plaintiffs...more
In the latest sign that data breach class actions are here to stay—and, indeed, growing—the D.C. Circuit resuscitated claims against health insurer CareFirst BlueCross and Blue Shield, following a 2015 breach that compromised...more
The U.S. Court of Appeals for the Eighth Circuit held that allegations of a future risk of identity theft resulting from a data breach are not sufficient to establish standing. The August 30 ruling in In re SuperValu Customer...more