One of the main risks that a company faces after a data breach is a potential lawsuit. Plaintiffs often will allege creative statutory and common law theories of harm after they learn that their personal information has been...more
As previously noted in this blog, the Neiman Marcus payment card data theft class action reflects a lenient approach to the issue of standing in data breach cases. In that case, the Seventh Circuit rejected arguments that...more
On August 15, 2017, the 9th Circuit, in Thomas Robins v. Spokeo, Inc., reversed the district court’s dismissal of an action alleging willful violations of the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq. The 9th...more
Much to the dismay of companies, on August 1, 2017, the U.S. Court of Appeals for the D.C. Circuit made it easier for plaintiffs, and their attorneys, to bring class action data breach cases. In Attias v. CareFirst, Inc.,...more
Must plaintiffs allege actual identity theft from a data breach to avoid dismissal of their class action lawsuit? No, according to yesterday’s opinion from a three-judge panel of the United States Court of Appeals for the...more
In January of this year, the Federal Trade Commission (FTC) brought suit against Taiwan-based D-Link Corp. and its U.S. subsidiary, D-Link Systems Inc, in Los Angeles Federal Court, for failing to properly secure its consumer...more
In an April 13, 2017 decision in Walters v. Kimpton Hotel, a California federal judge rejected the bid of hotel chain Kimpton Hotel and Restaurant Group, LLC to dismiss a proposed class action arising from a data breach last...more
On July 29, 2016, the three Federal Trade Commission (“FTC”) commissioners vacated their chief administrative law judge’s bold decision to dismiss the agency’s action against a medical testing lab, LabMD, In the Matter of...more
Last week, a Minnesota court ruled that a consolidated class action filed against SuperValu retail chain failed to assert any harm, finding that while SuperValu did suffer two data breaches, the class’s claims of possible...more
Does a data breach of a retailer’s payment-card information automatically confer Article III standing on affected customers? Is the mere possibility that some criminal element may use pilfered information to commit future...more
Internet Cafes Lose a Bet With the California Supreme Court - In a unanimous decision, the California Supreme Court upheld an injunction against the operators of Internet cafes that offered “sweepstakes” games the Court...more
Neiman Marcus Petition Claims that Seventh Circuit Decision Invents Harm to Find Standing to Bring Data Breach Claims - Retailer Neiman Marcus has filed a petition seeking en banc review by the entire Seventh Circuit of...more
When hackers breach a business’s systems, class actions are sure to follow. Often, however, these suits have faltered right out of the starting gate. Citing the Supreme Court’s 2013 decision in Clapper v. Amnesty...more
On July 20, 2015, a federal appeals court in Chicago issued what could be a watershed ruling in favor of consumers pursuing class action lawsuits against retailers and other companies following data breaches that involve the...more
Seventh Circuit Rules Consumers Have Standing to Sue in Neiman Marcus Payment Card Data Breach Case - In Remijas v. Neiman Marcus Group, LLC, the Seventh Circuit reversed a district court decision dismissing consumer...more
In Maglio v. Advocate Health and Hosps. Corp., 2015 IL App (2d) 140782-U (Ill. App. Ct. June 2, 2015), the Illinois Appellate Court was asked to decide whether individuals have standing to bring suit for violations of...more
Continuing the growing trend of dismissing data breach cases when there is no evidence of actual harm, the United States District Court for the District of Nevada last week dismissed a class action case filed against Zappos...more
On March 31, 2015, a New Jersey federal judge dismissed a class action lawsuit against Horizon Healthcare Services Inc. alleging the company failed to protect the personal information of thousands of insurance network members...more
Yet another federal judge has concluded that an individual whose personal information was allegedly accessed during a data breach lacks standing to sue unless and until there has been a misuse of that personal information or...more
We have been closely watching the class action suits against PF Chang’s (and other retailers) relating to the bistro’s data breach last year. In December, a federal district court in Illinois dismissed a proposed class action...more
As we discussed in our previous post, Premera Blue Cross (Premera) recently revealed that it suffered a massive data breach potentially exposing the personal data of 11 million customers. ...more
Hewing to prior Third Circuit precedent in Reilly v. Ceridian and the Supreme Court’s precedent in Clapper v. Amnesty International, the Middle District of Pennsylvania recently joined the majority of federal district courts...more
The US District Court for the Middle District of Pennsylvania recently dismissed a consolidated class action against Paytime, Inc. arising out of a data breach by hackers who accessed the personal and financial information of...more
Storm v. Paytime, Inc. — a recent case decided by the U.S. District Court for the Middle District of Pennsylvania — gives companies that have suffered third-party data breaches another decision to support dismissing class...more