Posts Tagged with: Class Action

  Back to top
Ed Blog Schools Sued
07 July 2021

Ann Arbor Students Seek Class Action Suit, Alle...

Last week, families of Ann Arbor Public Schools (AAPS) sued the school district, the Michigan Department of Education (MDE), and Washtenaw Intermediate School District (WISD), claiming special education services to which their children were entitled were not adequately provided during the pandemic. Specifically, the action contains assertions that four AAPS students between the ages of […]

Questions Answers
21 September 2017

The 3 Most Common Equifax Breach Questions (wit...

Ever since the news broke regarding the Equifax breach affecting over 140 million people in the U.S., we have received daily phone calls from clients, friends, and family asking what they can do to protect themselves.  Should I sign up for the credit monitoring?  Am I am going to waive my right to join a […]

Cybersecurity
25 August 2017

Data Breach Class Actions: an actual violation ...

In a previous post on this blog here, we noted that the recent decision in D.C. Circuit Court of Appeals had joined a growing number of federal courts holding the risk of future harm is enough to allow a class action to proceed following a data breach. Now the Ninth Circuit Court of Appeals joins […]

Cyber Security
10 August 2017

Data Breach Class Actions: Is a Risk of Future ...

On August 1, the D.C. Circuit Court of Appeals joined a growing number of federal courts holding the risk of future harm is enough to allow a class action to proceed following a data breach. Attias v. CareFirst, Inc., et al., involves a federal class action lawsuit brought by customers whose personal information was allegedly […]

Email Disclaimer 

Please be advised that contacting Miller Johnson or one of its attorneys by email does not constitute establishing an attorney-client relationship or otherwise confidential relationship between you and the Firm. Please do not give us any information you regard as confidential until a formal attorney-client relationship has been established. Any information you give to us before establishing an attorney-client relationship will not be regarded as privileged or confidential. Do you wish to proceed?

Cancel I agree

Publication Signup 

"*" indicates required fields

To receive firm communications, please select from the list of topics, complete your contact information, and Sign Up below.
Hidden
Select Service*
This field is for validation purposes and should be left unchanged.

On August 1, the D.C. Circuit Court of Appeals joined a growing number of federal courts holding the risk of future harm is enough to allow a class action to proceed following a data breach.

Attias v. CareFirst, Inc., et al., involves a federal class action lawsuit brought by customers whose personal information was allegedly stolen as part of a cyberattack on health insurer CareFirst. The district court initially dismissed the class action, holding that alleged increased risk of future identity theft was not enough to give the plaintiffs standing to bring the class action suit. However, the D.C. Circuit held the plaintiffs alleged a substantial risk of identity theft and emphasized that a risk of future harm was enough to establish standing.

The D. C. Circuit was unconvinced by the fact that the breach did not compromise Social Security or credit card numbers.  The court determined that the type of personal information stolen from CareFirst was enough to create a material risk of medical identity theft.

Significantly, the court noted the fact that plaintiffs reasonably spent money to protect themselves from identity theft meant that money damages could potentially make them whole again.  On one hand, a company offering credit monitoring services to victims of a data breach may be inadvertently providing standing to a potential class action. Is that an admission that harm is possible or likely?  On the other hand, if a plaintiff has previously rejected free credit monitoring services can they really claim they will be made whole by monetary damages?

Given the split among federal courts it seems likely the Supreme Court will have to address whether the risk of future identity theft is enough to give data breach plaintiffs standing.

The key takeaways:

  • There is a growing trend in federal courts allowing data breach victims to bring class actions claims based on the risk of future harm.
  • Even if a breach does not include information such as Social Security and credit card numbers, the breach may still form the basis of a class action.
  • The only Michigan court to address this issue held the risk of future harm was not enough to support a class action claim following a data breach.