On December 13, 2018, the District Court for the Northern District of California dismissed a putative securities class action brought against PayPal Holdings, its subsidiary TIO Networks Corp., and several executives of both companies for a security breach that resulted in the potential compromise of personally identifiable information for 1.6 million customers. In Sgarlata v. PayPal Holdings Inc., No. 17-cv-06956-EMC, 2018 WL 6592771 (N.D. Cal. Dec. 13, 2018) (“Sgarlata”), the court dismissed the complaint for failure to plead scienter because plaintiffs failed to adequately plead that defendants knew not only of an actual security breach, but also the magnitude of the breach and the type of data accessed. Continue Reading California District Court Dismisses Securities Class Action After Plaintiffs Failed to Plead that PayPal Knew Magnitude of Security Breach
Roger Cooper’s practice focuses on complex civil litigation, with an emphasis on disputes arising out of securities, M&A and derivative transactions, as well as on corporate governance issues.
The nature of any injury suffered by individuals from a cyber incident continues to be a major issue in data breach litigation. As we have previously discussed, the Supreme Court has thus far declined to address the issue of Article III standing in the data breach context, resulting in an ongoing circuit split on whether data theft is by itself sufficient to satisfy Article III’s injury requirements. Two federal Courts of Appeals recently grappled with injury requirements in the data breach context. Continue Reading Fourth Circuit and Eighth Circuit Address Injury in Data Breach Cases
On April 11, 2018, the Seventh Circuit reversed a district court’s dismissal, for failure to state a claim, of plaintiffs’ proposed class action arising out of a 2012 data breach affecting Barnes & Noble. In so holding, the court reaffirmed its view that allegations of data theft with a substantial risk of future harm are sufficient to assert an “injury” under Article III, even in the absence of allegations that the risk actually materialized. The Seventh Circuit further found that such injury may also satisfy the requisite damages allegations under federal pleading requirements. Continue Reading Seventh Circuit Expands Jurisprudence in Data Breach Cases
On March 2, 2018, Yahoo! entered into a proposed settlement of a securities class action filed against the company following its disclosures in 2016 that it had suffered significant data breaches in 2013 and 2014. Under the settlement, which is still subject to court approval, Yahoo! has agreed to pay $80 million to settle claims that it misled investors by failing to disclose the breaches in its public filings, while still touting the strength of its cybersecurity practices. Continue Reading Yahoo! Enters Proposed Settlement in Data Breach Securities Class Action