As previously noted in this blog, the Neiman Marcus payment card data theft class action reflects a lenient approach to the issue of standing in data breach cases. In that case, the Seventh Circuit rejected arguments that...more
In the latest decision concerning standing in data breach cases, the Fourth Circuit has vacated a district court’s dismissal and reinstated putative class action data breach litigation against the National Board of Examiners...more
A circuit split on whether actual misuse of personal data is required to have standing to assert data breach claims remains unresolved. Last week the Supreme Court rejected a petition to review that issue in CareFirst v....more
3/1/2018
/ Article III ,
Cybersecurity ,
Data Breach ,
Hackers ,
Identity Theft ,
Injury-in-Fact ,
Jurisdiction ,
Personal Data ,
Personally Identifiable Information ,
Spokeo v Robins ,
Standing
This week’s disclosure that a 2013 data breach may have affected all 3 billion Yahoo accounts then in existence could alter the scope of the consolidated data breach cases currently pending against Yahoo in the federal court...more
Despite some courts’ evident confusion about the impact of payment card theft on consumer cardholders, other courts are getting it right. Just this week, a judge in the Northern District of Illinois issued an order dismissing...more
6/16/2017
/ Actual Injuries ,
Amended Complaints ,
Banks ,
Barnes and Noble ,
Credit Cards ,
Credit Monitoring ,
Data Breach ,
Debit Cards ,
Dismissals ,
Fraudulent Charges ,
Standing ,
Theft
Snatching victory of a sort from the jaws of defeat, shareholders who brought a derivative action alleging that the 2014 Home Depot data breach resulted from officers’ and directors’ breaches of fiduciary duties have reached...more
5/2/2017
/ Appeals ,
Breach of Duty ,
Corporate Counsel ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Derivative Suit ,
Fiduciary Duty ,
Home Depot ,
Popular ,
Settlement ,
Shareholders
When data thieves steal payment card data, consumers suffer no legally cognizable injuries. Card issuers absorb the fraudulent charges and replace the affected cards. Because fraudulent charges are not billed to consumers,...more
4/24/2017
/ Actual Injuries ,
Corporate Counsel ,
Corporate Liability ,
Data Breach ,
Debit and Credit Card Transactions ,
Fraudulent Charges ,
Hotels ,
Identity Protection Services ,
Personally Identifiable Information ,
Popular ,
Standing
Counsel for a class of card-issuing banks filed a settlement agreement on March 8 proposing a class settlement to resolve claims arising from the 2014 theft of payment card data from Home Depot point-of-sale terminals. The...more
When hackers steal consumer data, injury to consumers is not a foregone conclusion. This is particularly so where credit and debit card numbers are stolen. Banks, not consumers, bear the cost of fraudulent charges. ...more
An old saw defines insanity as doing the same thing over and over again and expecting a different result. Wendy’s shareholders recently flouted that maxim by filing a derivative action this week against officers and...more
Dismissal Of Home Depot Derivative Action Extends Shareholder Losing Streak
An attempt to impose liability on corporate officers and directors for data breach-related losses has once again failed. On November 30,...more
In its recent decision in Galaria v. Nationwide Mut. Ins. Co., no. 15-3386 (6th Cir. Sept. 12, 2016). Co., No. 15-3386 (6th Cir. Sept. 12, 2016), a divided Sixth Circuit panel held that plaintiffs had standing to assert...more
9/16/2016
/ Appeals ,
Article III ,
Clapper v. Amnesty International ,
Corporate Counsel ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
Hackers ,
Personal Data ,
Personally Identifiable Information ,
Spokeo v Robins ,
Standing
In a terse two-page order, Senior District Court Judge Paul Magnuson dismissed derivative claims brought against officers and directors of Target in connection with the 2013 holiday-season data breach. The dismissed claims,...more
Everyone loves a good courtroom drama. So just imagine this pitch: henchmen of an evil dictator hack their way into a movie studio computer system. Once inside, they steal the most sensitive personal information of the...more
Last week, a federal court in Atlanta issued an order preliminarily approving a proposed settlement – valued up to $19.5 million – of the consumer claims arising from the 2014 theft of payment card data from Home Depot. The...more
Remember this? -
“Wetware” – coder slang for biological life forms (i.e., people) – is the weak link in most companies’ data security protections, according to a new data security report issued by the Association of...more
A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach. The court concluded that the plaintiff...more
Two years after the massive holiday season theft of customers’ payment card data from Target point of sale terminals, the Target data breach litigation appears to be entering its final act. On Tuesday, December 1, Target...more
As reported on Friday in the Krebs on Security blog, online broker Scottrade had sent an e-mail to customers earlier that day stating that it recently had learned from law enforcement officials that Scottrade was one of a...more
10/8/2015
/ Class Action ,
Credit Monitoring ,
Cyber Crimes ,
Cybertheft ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Government Investigations ,
Law Enforcement ,
Personal Data ,
Scottrade ,
Standard of Care
This Is The End? -
Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach...more
9/8/2015
/ Class Action ,
Class Certification ,
Credit Monitoring ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Privacy Rights ,
Free Identity Theft Protection ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Settlement ,
Sony ,
Stipulations
Card-issuing banks are forging ahead with their lawsuit against Target arising from the 2013 holiday shopping season data breach. Their July 1 motion for class certification has just been unsealed, allowing a glimpse at...more
8/26/2015
/ Class Action ,
Class Certification ,
Credit Cards ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
MasterCard ,
Personally Identifiable Information ,
Settlement Agreements ,
Target ,
Visa Inc
Target has announced that it has entered into a settlement with Visa to resolve claims of issuers of Visa credit and debit cards arising from Target’s November 2013 data breach. The proposed settlement will pay issuers of...more
Neiman Marcus Petition Claims that Seventh Circuit Decision Invents Harm to Find Standing to Bring Data Breach Claims -
Retailer Neiman Marcus has filed a petition seeking en banc review by the entire Seventh Circuit of...more
Seventh Circuit Rules Consumers Have Standing to Sue in Neiman Marcus Payment Card Data Breach Case -
In Remijas v. Neiman Marcus Group, LLC, the Seventh Circuit reversed a district court decision dismissing consumer...more
7/22/2015
/ Appeals ,
Article III ,
Clapper v. Amnesty International ,
Class Action ,
Data Breach ,
Debit and Credit Card Transactions ,
Imminent Harm ,
Neiman Marcus ,
Retailers ,
Spokeo v Robins ,
Standing
In its recently-filed motion to dismiss claims of card-issuing banks arising from the September 2014 theft of payment card data from Home Depot point of sale terminals, Home Depot employs an approach typically used to respond...more