X
    X
    X
    X

    Standing in Data Breach Cases – Still a Moving Target

    Publications

    Where do we stand on standing in data breach cases? It depends on which court you ask. In December 2014, two courts considered whether plaintiffs alleged sufficient injury in their complaints involving well-known data breaches – and reached different results on standing. In a case against Target Corporation (No. 14-md-2522, D. Minn.), the court held that the plaintiffs had alleged a concrete and particularized injury, traceable to Target’s conduct, based on allegations of “unlawful charges, restricted or blocked access to bank accounts, inability to pay other bills, and late payment or new card fees,” and therefore had standing to sue. In contrast, in a case against P.F. Chang’s China Bistro (No. 14-cv-4787, N.D. Ill.), allegations of overpayment for P.F. Chang’s services, fraudulent charges to a debit card, inability to accrue reward points, and “increased risk of identity theft” were insufficient to confer standing.

    The two recent cases illustrate the types of alleged injuries plaintiffs claim they have suffered from the theft of their personal identifying information. These two cases and other recent decisions demonstrate that there are divisions in the courts on standing issues. When personal information is breached by a hacker targeting a favorite retailer, restaurant, bank, or doctor’s office, whether the victim has standing to sue in federal court remains a definite “maybe” depending on the jurisdiction and the nature of any specific out-of-pocket damages allegedly incurred.

     Molly McGinnis Stine is a Partner and John Kloecker is Of Counsel in Locke Lord’s Chicago office. They can be reached at mmstine@lockelord.com and jkloecker@lockelord.com.

    Explore Additional Topics

    Disclaimer

    Please understand that your communications with Locke Lord LLP through this website do not constitute or create an attorney-client relationship with Locke Lord LLP. Any information you send to Locke Lord LLP through this website is on a non-confidential and non-privileged basis. Therefore, do not send or include any information in your email that you consider to be confidential or privileged.