Yesterday the United States Court of Appeals for the Seventh Circuit weighed in on the consumer class action standing issue. The court found that Barnes & Noble customers have standing to pursue a class action concerning the hacking of the retailer’s PIN pads. In doing so, the Seventh Circuit reversed a district court ruling dismissing the complaint for failure to adequately plead damages. The Court of Appeals determined that the time value of money which had been removed from plaintiffs’ accounts (even though it was ultimately returned), the costs of credit monitoring, and the time invested to create new accounts all were sufficient to provide standing.

Two courts. Two days. Two different results. On March 7, on remand from the U.S. Court of Appeals for the Eighth Circuit, a federal district court judge in Minnesota granted a motion to dismiss a consumer class action suit involving a 2014 data breach affecting over 1,000 grocery stores. The court found that the allegations of possible future identity theft or fraud because of the breach were not sufficient to establish a substantial risk of future harm.

In August, the United States Court of Appeals for the D.C. Circuit revived a class action lawsuit, holding that the threat of harm from a data breach is enough to satisfy the “injury in fact” standing requirement. Attias v. Carefirst, Inc., 865 F.3d 620 (D.C. Cir. 2017). The defendant, a group of health care insurers, filed a Petition for Writ of Certiorari to the United States Supreme Court on October 30 of last year. While the Supreme Court is deciding whether to grant the pending Petition, it is worthwhile to briefly review the standing question in the context of protecting your business from liability.

Think your business is too small to risk a cyber security threat? Do you have:

  • A point-of-sale cash register?
  • A credit card authorization system?
  • An email account?
  • Old software?
  • Any computer connected to the internet, ever?

We’ll explain the ways you never dreamed that you were at risk.

In the first installment of our weekly series during National Cybersecurity Awareness Month, we examine information security plans (ISPs) as part of an overall cybersecurity strategy. Regardless of the size or function of an organization, having an ISP is a critical planning and risk management tool and, depending on the business, it may be required by law. An ISP details the categories of data collected, the ways that data is processed or used, and the measures in place to protect it. An ISP should address the different categories of data maintained by the organization, including employee data and customer data as well as sensitive business information like trade secrets.

The California Attorney General’s office reported today that Uber will pay $148 million to resolve claims related to a 2016 data breach that Uber concealed.  In addition to failing to report the breach, Uber paid the hackers $100,000 as part of the cover-up.  The breach involved the information of 57 million customers and drivers.  According to reports, the $148 million will be shared with other states participating in the nationwide investigation.  This 2016 breach and a 2014 breach involving a failure to employ reasonable security practices already caught the attention of the Federal Trade Commission (FTC).  Uber agreed to resolve those claims earlier this year.  Also related to the 2014 breach, Uber caught a break when a judge tossed a class action suit for lack of standing in May.

Uber suffered a data breach in 2014 resulting in the compromise of more than 50,000 drivers’ personal information, including bank account and social security numbers. Drivers brought a class action suit in the U.S. District Court for the Northern District of California. On May 10, a judge tossed the suit for a third time for lack of standing because the two named plaintiffs failed to allege that they suffered an injury in fact.

On February 16, 2018, the U.S. Supreme Court denied certiorari to review CareFirst’s appeal of the U.S. Court of Appeals, D.C. Circuit’s decision in Attias v. Carefirst, Inc., 865 F.3d 620 (D.C. Cir. 2017).  The D.C. Circuit held that the threat of harm from a data breach is enough to satisfy the “injury in fact” standing requirement.    Other circuit courts of appeal have reached the opposite conclusion.  Unfortunately, the U.S. Supreme Court will not be addressing that circuit split this session.  See our previous entry on the CareFirst case.

Based on the decision in a recent Connecticut Supreme Court case, patients may now sue physicians for breaching confidentiality. Previously, Connecticut did not recognize breach of confidentiality as a cause of action. The unauthorized disclosure at the heart of Byrne v. Avery Center for Obstetrics and Gynecology, P.C. involved a provider’s response to a subpoena. Subpoena compliance has long been an area of confusion for providers. After Byrne, not only must providers pay special attention when responding to subpoenas but now they must also worry about broader breach of confidentiality claims by patients.
