Courts Are Still Willing To Dismiss Data Breach Lawsuits for Lack of Standing BakerHostetler JDSupra

pppIn data breach litigation courts generally find plaintiffs have standing such that their complaints may proceed past the pleading stage when it is alleged that sensitive information was impacted and there is an allegation of dark web exposure misuse or fraud However a few courts have recently dismissed proposed data breach class actions despite these factors being allegedppFor example in Maser v CommonSpirit Health a Colorado district court dismissed a proposed data breach class action finding that the plaintiff failed to allege an injuryinfact fairly traceable to the data breach despite allegations that she experienced bank fraud and a drop in her credit score No 123cv01073RMSBP D Colo Dec 4 2024 Because the plaintiffs bank information was not compromised in the breach and none of the stolen data fields in and of themselves can enable fraud the court held that the alleged harms were not fairly traceable to the breach and therefore her other injury allegations were insufficient to support standing Similarly an Arizona federal judge recently dismissed a proposed data breach class action finding the plaintiffs failed to state a claim despite allegations that they suffered various specific damages such as outofpocket losses and attempted or actual identity theft or fraud Johnson et al v Yuma Regional Medical Ctr No CV2201061PHXSMB D Ariz Nov 15 2024 The court held that the plaintiffs failed to allege they suffered cognizable injuries as a result of the breach and the defendants privacy policy made no promise to absolutely defend against such attacksppLikewise the Illinois Supreme Court recently issued its decision in Petta v Christie Business Holding Co PC affirming the appellate courts dismissal for lack of standing even though the plaintiff had alleged that an unauthorized loan application was made in her name using her phone number city and state sometime after the data breach because the plaintiff did not allege that any of her private personally identifiable information PII such as her Social Security number was used in the loan application or that it was impacted in the data breach 2025 IL 130337 2025 The court further found that the unsuccessful loan application was not fairly traceable to the defendants alleged misconduct given that the information used in the loan application the plaintiffs phone number and city could be found in a publicly available phone directory IdppThis trend is not limited to these cases rather courts across the country have issued full dismissals where plaintiffs despite alleging fraud or misuse fail to allege a connection between the data incident and the alleged harm See Stern v Acad Mortg Corp No 224CV00015DBBDAO 2025 WL 239036 D Utah Jan 17 2025 dismissed for lack of standing despite allegations of a fraudulent loan made using the plaintiffs PII because the plaintiff failed to show traceability between the data incident and the injury Williams v Bienville Orthopaedic Specialists LLC 737 F Supp 3d 411 SD Miss 2024 no traceability and thus no standing despite allegations of actual fraud and data misuse including unauthorized charges totaling around 17000 reasoning data breaches and other forms of data theft are so prevalent that it is seemingly impossible to trace the misuse of personal information to one particular breach McGowan v Core Cashless LLC No 223CV00524MJH 2024 WL 488318 WD Pa Feb 8 2024 dismissed for lack of standing because injury was not imminent despite allegations that card numbers are for sale on the Dark Web whose common purchase point was defendant where the plaintiff failed to plausibly show that her payment card information was misused by the unknown hackers In re Samsung Data Sec Breach Litig No 123MD03055 2025 WL 271059 DNJ Jan 3 2025 dismissed for lack of standing despite the plaintiffs allegation that they have been notified that their data is on the Dark Web because the plaintiffs did so without specifying that it was the specific information that was obtained in this data breach versus information obtained elsewhere Thus despite arguments from the plaintiffs bar the motion to dismiss is very much alive and well in data breach litigationppView sourceppSee more ppDISCLAIMER Because of the generality of this update the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations
Attorney Advertisingpp
BakerHostetler
var today new Date var yyyy todaygetFullYeardocumentwriteyyyy
ppRefine your interests ppBack to TopppExplore 2025 Readers Choice AwardsppCopyright var today new Date var yyyy todaygetFullYeardocumentwriteyyyy JD Supra LLCp