In Wynne v. Audi of Am., No. 21-cv-08518-DMR, 2022 U.S. Dist. LEXIS 131625, at *2-4 (N.D. Cal. July 25, 2022), Judge Ryu found that the CCPA, by itself, does not confer Article III standing under the SCOTUS' TransUnion decision. The facts of the data breach were as follows: Wynne makes the following allegations in the amended complaint: Defendant Audi is a… Read More
In Tukin v. Halsted Financial Services, LLC, Judge Wood found no Article III standing for a Hunstein claim (of sharing a consumer's data with a vendor) where the sharing was done by way of encrypted data transfer. First, of note, Judge Wood found no "glassine window" violation for use of an "Intelligent Mail Code" on the dunning letter's envelope. Count III alleges that… Read More
In Patterson v. Med. Review Inst. of Am., LLC, No. 22-cv-00413-MMC, 2022 U.S. Dist. LEXIS 111617, at *5-8 (N.D. Cal. June 23, 2022), Judge Chesney surveyed California law on the subject and dismissed a data breach case on Art. III standing grounds. First, with respect to an increased risk of fraud and identity theft, although Patterson alleges the hackers "accessed… Read More
In In re Ge/Cbps Data Breach Litig., 2021 U.S. Dist. LEXIS 146020, at *16-18 (S.D.N.Y. Aug. 4, 2021), Judge Polk Failla found Article III standing and a negligence case arising out of a data breach. The facts were as follows: GE contracts with Canon to process documents relating to current and former GE employees and their beneficiaries. (Compl. ¶ 41).… Read More
In McMorris v. Carlos Lopez & Assocs., LLC, No. 19-4310, 2021 U.S. App. LEXIS 12328, at *2-7 (2d Cir. Apr. 26, 2021), the Court of Appeals for the Second Circuit approved of the District Court's dismissal on Art. III grounds of an ID Theft class action that the parties had settled and were seeking court approval of. The underlying proceedings were… Read More
In In re Brinker Data Incident Litig., No. 3:18-cv-686-TJC-MCR, 2021 U.S. Dist. LEXIS 71965, at *3-5 (M.D. Fla. Apr. 14, 2021), Judge Corrigan certified a class in a data breach class action. The facts were as follows: The Court has detailed the facts of this case in prior orders (Docs. 65, 92, 122), but several new facts have come to… Read More
In Calhoun v. Google, LLC, Judge Koh allowed part of a claim against Google to proceed based Google Chrome's sharing of data with Google. Plaintiffs are users of Google’s Chrome browser who allege that they “chose not to ‘Sync’ their [Chrome] browsers with their Google accounts while browsing the web . . . from July 27, 2016 to the present.”… Read More
In Tsao v. Captiva MVP Rest. Partnres, Ltd. Liab. Co., No. 18-14959, 2021 U.S. App. LEXIS 3055 (11th Cir. Feb. 4, 2021), the Court of Appeals for the 11th Circuit held that a data theft victim had no Articile III standing. We begin with Tsao's theory that he has Article III standing because he faces a "substantial risk of identity… Read More
On February 2, 2021, Judge Susan Van Keulen, in the Northern District of California, denied in part and granted in part Defendant's Motion to Dismiss. Flores-Mendez et al v. Zoosk, Inc. et al. (N.D. CA; 3:20-cv-04929-WHA). Evaluating Article III standing based on Plaintiff's consent to Defendant's online privacy policy and terms of use, the Court held that: [i]f “the contract language… Read More
On January 12, 2021, Judge David O. Carter granted Marriott’s Motion to Dismiss and dismissed the case, including Plaintiffs’ CCPA claim based on lack of standing. Rahman v. Marriott International, Inc., et al. (C.D. CA; 8:20-cv-00654), here, “Plaintiff alleges that class members were victims of a cybersecurity breach at Marriott when two employees of a Marriott franchise in Russia accessed… Read More
In Stasi v. Inmediata Health Grp. Corp., No. 19cv2353 JM (LL), 2020 U.S. Dist. LEXIS 217097 (S.D. Cal. Nov. 19, 2020), Judge Miller allowed a data security breach class action to proceed. The basis of the class action was as follows: According to Plaintiffs' FAC,1 Inmediata provides billing and health record software and service solutions to healthcare providers. (FAC ¶¶… Read More
In Foster v. Health Recovery Servs., No. 2:19-CV-4453, 2020 U.S. Dist. LEXIS 186508 (S.D. Ohio Oct. 7, 2020), Judge Marbley found that at least one claim of damages for a data breach victim satisfied Art. III standing. In a recent data breach case brought pursuant to the FCRA, the [*14] Third Circuit examined both the congressional judgment and common law factors… Read More
In Kylie S. v. Pearson Plc, No. 19 C 5936, 2020 U.S. Dist. LEXIS 133299 (N.D. Ill. July 28, 2020), Judge Lee dismissed a data breach class action for absence of Article III standing. The facts were as follows: Sometime in late 2018, hackers penetrated AIMSweb's defenses and gained access to the data stored on the platform. Am. Compl. ¶… Read More
In Jantzer v. Elizabethtown Cmty. Hosp., No. 8:19-cv-00791 (BKS/DJS), 2020 U.S. Dist. LEXIS 83207 (N.D.N.Y. May 12, 2020), Judge Sannes dismissed a data breach class action for lack of standing. The facts were as follows: UVM Health is Vermont Corporation headquartered in Burlington, Vermont that consists of a "six-hospital and home health & hospice system" located in "Vermont and northern… Read More
In Stasi v. Inmediata Health Grp. Corp., No. 19cv2353 JM (LL), 2020 U.S. Dist. LEXIS 79303, at *1-4 (S.D. Cal. May 5, 2020), Judge Miller dismissed a nationwide identity theft/data breach class action. The facts were as follows: Plaintiffs allege that in January of 2019, Inmediata learned it was experiencing a large "data security incident" resulting in the exposure of… Read More
In Holly v. Alta Newport Hosp., Inc., No. 2:19-cv-07496-ODW (MRWx), 2020 U.S. Dist. LEXIS 64104, at *1-3 (C.D. Cal. Apr. 10, 2020), Judge Wright held that a data breach victim, on behalf of a putative class, did not plead enough. The facts were as follows: On October [*2] 18, 2019, Plaintiff Sallie Holly filed her First Amended Complaint ("FAC"). (FAC,… Read More
In Campbell v. Facebook, Inc., __ F.3d __, 2020 WL 1023350, The Court of Appeals for the 9th Circuit held that violations of the federal Electronic Communications Privacy Act, 18 U.S.C. § 2510, et seq. (ECPA) and the California Invasion of Privacy Act, Cal. Pen. Code § 630, et seq. (CIPA) are, in and of themselves sufficient, without further allegations… Read More
In Adkins v. Facebook, Inc., No. C 18-05982-WHA, 2019 U.S. Dist. LEXIS 206271 (N.D. Cal. Nov. 26, 2019), Judge Alsup granted in part and denied in part a data breach class. This is a putative class action by plaintiff Stephen Adkins against defendant Facebook, Inc. Plaintiff asserts a claim for negligence based on Facebook's alleged faulty security practices in collecting… Read More
In Steven v. Carlos Lopez & Assocs., No. 18-CV-6500 (JMF), 2019 U.S. Dist. LEXIS 203621 (S.D.N.Y. Nov. 22, 2019), Judge Furman declined to approve settlement of a data breach class due to the absence of Art. III standing. In June 2018, an employee of Defendant Carlos Lopez & Associates, LLC ("CLA"), a provider of mental and behavioral health services to… Read More
In In re Facebook, Inc., No. MDL No. 2843, 2019 U.S. Dist. LEXIS 153505 (N.D. Cal. Sep. 9, 2019), Judge Chhabria allowed some claims to proceed against Facebook arising out of the Cambridge Analytica scandal. Facebook's motion to dismiss is littered with assumptions about the degree to which social media users can reasonably expect their personal information and communications to… Read More
