In Danfer-Klaben v. JPMorgan Chase Bank, N.A., No. SACV 21-262 PSG (JDEx), 2022 U.S. Dist. LEXIS 25553, at *16-17 (C.D. Cal. Jan. 24, 2022), Judge Gutierrez in the Central District of California held that:

The CCPA provides relief to “any consumer whose nonencrypted and nonredacted personal information . . . is subject to an unauthorized access . . . or disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security measures.” Cal. Civ. Code § 1798.150(a)(1). Here, the entire thrust of Plaintiffs’ allegations is that Defendant, after terminating its banking relationship with Plaintiffs, allegedly continued to access and share Plaintiffs’ personal information with unspecified third parties for profit. See FAC ¶¶ 17-18, 52-53. Plaintiffs in no way allege that Defendant’s disclosure to third parties was the result of a failure “to implement and maintain reasonable security measures,” and, as such, their claim falls entirely outside of the reach of the CCPA. See Cal. Civ. Code § 1798.150(a)(1).