The Next FCRA Frontier: Identity Theft and CFPB Updates — FCRA Focus Podcast
Consumer Finance Monitor Podcast Episode: Responding to Direct and Indirect Identity Theft Disputes Under the FCRA: What Are The Differences?
Torres Talks Trade Podcast Episode 9 on U.S. Customs and Border Protection's Global Business Identifier program
Phishing: Cybersecurity’s Biggest Threat
Digging Deeper, Episode 1: The Con Queen of Hollywood
Preserving Black History in Bucks County, PA, with Recorder of Deeds Robin Robinson: On Record PR
What is Consumer Fraud and What Deceptions are Employed?
What Companies Should Do to Prepare for Implementation of Cybersecurity Executive Order
The growing prevalence of data breaches has led to an uptick in class action litigation based on consumers' personal information allegedly being accessed. A common theme emerging in these lawsuits is plaintiffs claiming that...more
Class actions arising from data breach represented the fastest growing segment of class action filings. In 2023, more than 2000 class actions were filed, more than triple the amount filed in 2022. These cases were filed in...more
A new Fourth Circuit decision has thrown out of federal court a state-law privacy claim where the plaintiff alleged only a bare statutory violation without alleging “a nonspeculative, increased risk of identity theft,”...more
The United States Court of Appeals for the Third Circuit recently held that a plaintiff had standing to sue her former employer for a data breach that exposed her personal information to the “Dark Web” because she...more
The Third Circuit Court of Appeals has given new life to a putative class action suit led by a former employee of a company that suffered a ransomware attack, leading to her sensitive information being released onto the Dark...more
Over the years, there have been very few class certification rulings in actions arising from data breach incidents. Of those that have been published, most have favored the defense....more
Data breach lawsuits are challenging cases for plaintiffs. Assuming they are able to survive a motion to dismiss on grounds of Article III standing in the first instance, plaintiffs next bear the high burden of achieving...more
In McMorris v. Carlos Lopez & Associates, LLC, a data breach case, the Second Circuit held that plaintiffs may demonstrate standing based on a theory of “increased risk” of future identity theft or fraud following an...more
A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no...more
While some states have enacted privacy laws granting consumers the right to bring a private right of action in a data breach context, federal courts have struggled to fit data breach injury into traditional Article III...more
In April 2021, the Second Circuit issued a decision recognizing an increased risk of future, unrealized identity theft or fraud as a basis for establishing Article III standing. Background - The case, McMorris v. Carlos...more
On April 26, 2021, the Second Circuit Court of Appeals decided the case of McMorris v. Carlos Lopez & Assocs., No. 19-4310, 2021 WL 1603808 (2d Cir. Apr. 26, 2021) and addressed one of the most critical issues in private data...more
On February 4, 2021, the Eleventh Circuit became the latest federal court of appeals to weigh in on a question that has divided the circuits: whether a plaintiff has standing to sue in a data breach case based on an alleged...more
To sue in federal court, a plaintiff must allege an injury that the court can actually remedy, rather than just issuing an advisory opinion, and a connection between the defendant’s conduct and the actual injury. See...more
As part of a growing trend, the Eleventh Circuit recently held that an alleged risk of future identity theft does not establish standing where the plaintiff does not allege any information has actually been misused. Tsao v....more
On February 4, 2021, the Eleventh Circuit affirmed the dismissal of a customer’s proposed class action lawsuit against a Florida-based fast-food chain, PDQ, over a data breach. The three-judge panel rejected the argument that...more
Last week, in Tsao v. Captiva MVP Restaurant Partners, LLC (Captiva), the U.S. Court of Appeals for the 11th Circuit held that data breach claims arising from increased risk of future identity theft and potential mitigation...more
Earlier this month, the Eleventh Circuit, in Tsao v. Captiva MVP Restaurant Partners, LLC, No. 18-14959, 2021 WL 381948 (11th Cir. Feb. 4, 2021), affirmed the dismissal of a class-action lawsuit brought on behalf of patrons...more
In early November, we wrote about a new Eleventh Circuit decision on Article III standing law which directly held that it was not enough to allege a statutory violation and instead there must be a concrete injury to sustain...more
In an opinion that deepens an existing circuit court split, the Eleventh Circuit recently held that the future risk of identity theft is not sufficient to establish Article III standing....more
In a decision that narrows the path to federal court for plaintiffs seeking statutory damages with no actual harm, the full 11th Circuit has held that a plaintiff must plead a concrete injury to bring a claim based on an...more
The Georgia Supreme Court may weigh in on the hot issue plaguing data breach class action litigation across the nation, must a data breach victim suffer actual financial loss to recover damages, or is the threat of future...more
On June 21, 2019, the D.C. Circuit split with several other circuits in holding that alleging a heightened risk of identity theft following a data breach is enough to establish standing at the pleadings stage....more
In this month's edition of our Privacy & Cybersecurity Update, we examine New York's new laws expanding consumer protection for data breaches, the D.C. Circuit's two rulings deepening the split regarding standing in data...more
The U.S. Office of Personnel Management (“OPM”) made headlines when several hacks of confidential data came to light in 2015, intrusions that compromised the personal data of over 20 million individuals. On July 21, 2019, in...more