On July 20, 2015 the U.S. Court of Appeals for the 7th Circuit addressed the issue of standing in a suit by class action plaintiffs against Neiman Marcus following a 2013 data breach. Neiman Marcus Opinion (01008181xAE57E)
In a significant decision by an influential court, the 7th Circuit ruled that plaintiffs showed a substantial risk of harm from the breach and therefore have standing to sue.
The class members alleged lost time and money resolving fraudulent charges and protecting themselves from future identify theft, lost value of purchases that they would not have made had they known of the store’s “careless approach to cybersecurity” and lost control over the value of their personal information.
Allegations of future harm can establish Article III standing if the harm is impending but allegations of possible future injury are not sufficient.
The Court of Appeals relied on the California federal district court’s reasoning in In re Adobe Sys. Privacy Litigation when it stated “the Neiman Marcus customers should not have to wait until hackers commit identity theft or credit card fraud in order to give the class standing because there is an objectively reasonable likelihood that such an injury will occur.” The Court of Appeals commented that it is unlikely that Neiman Marcus offered credit monitoring because “the risk is so ephemeral that it can safely be disregarded.” It also described credit monitoring costs as a concrete injury.
This opinion is one of the few to find standing in a data breach case but it may be the one that turns the tide for plaintiffs. It also calls for another look at whether offering credit monitoring escalates a future risk into a recoverable harm.
The post Court of Appeals Allows Class Action to Proceed Against Neiman Marcus appeared first on CyBIR: Cyber and Privacy Breaches – Insurance and Reinsurance.