The nature of any injury suffered by individuals from a cyber incident continues to be a major issue in data breach litigation. As we have previously discussed, the Supreme Court has thus far declined to address the issue of Article III standing in the data breach context, resulting in an ongoing circuit split on whether data theft is by itself sufficient to satisfy Article III’s injury requirements. Two federal Courts of Appeals recently grappled with injury requirements in the data breach context. Continue Reading Fourth Circuit and Eighth Circuit Address Injury in Data Breach Cases
Roger Cooper’s practice focuses on complex civil litigation, with an emphasis on disputes arising out of securities, M&A and derivative transactions, as well as on corporate governance issues.
On April 11, 2018, the Seventh Circuit reversed a district court’s dismissal, for failure to state a claim, of plaintiffs’ proposed class action arising out of a 2012 data breach affecting Barnes & Noble. In so holding, the court reaffirmed its view that allegations of data theft with a substantial risk of future harm are sufficient to assert an “injury” under Article III, even in the absence of allegations that the risk actually materialized. The Seventh Circuit further found that such injury may also satisfy the requisite damages allegations under federal pleading requirements. Continue Reading Seventh Circuit Expands Jurisprudence in Data Breach Cases
On March 2, 2018, Yahoo! entered into a proposed settlement of a securities class action filed against the company following its disclosures in 2016 that it had suffered significant data breaches in 2013 and 2014. Under the settlement, which is still subject to court approval, Yahoo! has agreed to pay $80 million to settle claims that it misled investors by failing to disclose the breaches in its public filings, while still touting the strength of its cybersecurity practices. Continue Reading Yahoo! Enters Proposed Settlement in Data Breach Securities Class Action