Data Breach

The CCPA went live on January 1, 2020, creating a cause of action and potential liability of between $100 to $750 per person for a data breach deriving from a business' failure to maintain reasonable policies and procedures.  Unfortunately, the CCPA does not define the term "reasonable".  While compliance lawyers and consultants properly have been advising their clients to shore… Read More

In Adkins v. Facebook, Inc., No. C 18-05982-WHA, 2019 U.S. Dist. LEXIS 206271 (N.D. Cal. Nov. 26, 2019), Judge Alsup granted in part and denied in part a data breach class. This is a putative class action by plaintiff Stephen Adkins against defendant Facebook, Inc. Plaintiff asserts a claim for negligence based on Facebook's alleged faulty security practices in collecting… Read More

In Anderson v. Kimpton Hotel & Rest. Grp., LLC, No. 19-cv-01860-MMC, 2019 U.S. Dist. LEXIS 133869, at *13-14 (N.D. Cal. Aug. 8, 2019), Judge Chesney dismissed a data breach claim under California's data breach statute, Civil Code 1798.81.5.  The facts were as follows: In their complaint, plaintiffs [*2]  allege "Kimpton uses an online reservation system that facilitates the booking of hotel… Read More

Thanks to David Trepp at BPM for collaborating with Severson & Werson on May 9, 2019 for a webinar on Cybersecurity Incident Avoidance and Response. https://lnkd.in/gYZYTqY Read More

In re Brinker Data Incident Litig., No. 3:18-cv-686-J-32MCR, 2019 U.S. Dist. LEXIS 128573 (M.D. Fla. Aug. 1, 2019), Judge Corrigan allowed a data-breach class action to proceed.  Hackers accessed Brinker's data network and installed malware on point-of-sale ("POS") systems at many Chili's restaurants, which Brinker owns, develops, operates, and franchises.  Brinker publicly announced the breach on May 12, 2018, stating: ”On May… Read More

In Bass v. Facebook, Inc., No. C 18-05982 WHA (JSC), 2019 U.S. Dist. LEXIS 104488 (N.D. Cal. June 21, 2019), Judge Alsup allowed a plaintiff to pursue Facebook for an ID Theft claim.  The facts were as follows: "Access tokens" star in the instant data breach. When a Facebook user logs into Facebook with a specific username and password, that… Read More

In AFGE v. OPM (In re United States OPM Data Sec. Breach Litig.), Nos. 17-5217, 17-5232, 2019 U.S. App. LEXIS 18609 (D.C. Cir. June 21, 2019), the Court of Appeals for the DC Circuit held that ID theft victims represented by their Union had article III standing.  The facts are rather dramatic. As its name suggests, the U.S. Office of… Read More

We'll be co-hosting a webinar on May 9, 2019 on Cybersecurity Incident Avoidance and Response.   Click on the Invite Link to register! Cybersecurity Incident Avoidance and Response Invite           Read More

In Razuki v. Caliber Home Loans, Inc., Case No. 17-CV-1718-LAB (WVG), 2018 WL 6018361 (S.D. Cal. Nov. 15, 2018), Judge Burns showed the difficulty that an identity theft victim has in seeking to make a claim arising out of a data breach, dismissing the Plaintiff’s claims with prejudice.  As to the negligence claim, the Court found an absence of appreciable harm.… Read More