In Adkins v. Facebook, Inc., No. C 18-05982 WHA, 2020 U.S. Dist. LEXIS 214006 (N.D. Cal. Nov. 15, 2020), Judge Alsup granted preliminary approval of the Facebook data breach class action. This case arises from the September 2018 hack of Facebook. A prior order detailed the facts (Dkt. No. 153). In brief, certain access tokens permitted access to Facebook users'… Read More
In In re Sonic Corp. Customer Data Breach Litig. Fin. Insts., No. 1:17-md-02807-JSG, 2020 U.S. Dist. LEXIS 204169 (N.D. Ohio Nov. 2, 2020), Judge Gwin certified a data breach class. The facts were as follows: Between April 7, 2017, and October 28, 2017, hackers used malware installed on point-of-sale systems at 762 Sonic restaurants to steal sales transaction payment card… Read More
In Holly v. Alta Newport Hosp., Inc., No. 2:19-cv-07496-ODW (MRWx), 2020 U.S. Dist. LEXIS 195652 (C.D. Cal. Oct. 21, 2020), Judge Wright dismissed a data breach class action because the class representative could not demonstrate compensable loss. Holly alleges that she suffered "emotional harm and distress and has been injured in her mind and body." (SAC ¶ 49.) She also… Read More
In Foster v. Health Recovery Servs., No. 2:19-CV-4453, 2020 U.S. Dist. LEXIS 186508 (S.D. Ohio Oct. 7, 2020), Judge Marbley found that at least one claim of damages for a data breach victim satisfied Art. III standing. In a recent data breach case brought pursuant to the FCRA, the [*14] Third Circuit examined both the congressional judgment and common law factors… Read More
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory yesterday, alerting companies who engage with victims of ransomware attacks of potential sanctions risks for facilitating ransomware payments. This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program. It identifies U.S. government resources for reporting… Read More
In Kylie S. v. Pearson Plc, No. 19 C 5936, 2020 U.S. Dist. LEXIS 133299 (N.D. Ill. July 28, 2020), Judge Lee dismissed a data breach class action for absence of Article III standing. The facts were as follows: Sometime in late 2018, hackers penetrated AIMSweb's defenses and gained access to the data stored on the platform. Am. Compl. ¶… Read More
In Blahous v. Sarrell Reg'l Dental Ctr. for Pub. Health, Inc., No. 2:19-cv-798-RAH-SMD, 2020 U.S. Dist. LEXIS 125394 (M.D. Ala. July 16, 2020), Judge Huffaker dismissed a data breach case due to absence of compensable loss. The facts were as follows: For many, the phrase "data breach" provokes dread and invokes disquiet. Suddenly, a person's once private information roams untrammeled,… Read More
In In re Sonic Corp. Customer Data Sec. Breach Litig., No. 1:17-md-2807, 2020 U.S. Dist. LEXIS 114891 (N.D. Ohio July 1, 2020), Judge Gwin allowed a negligence claim to stand in a data breach case against Sonic. The facts were as follows. Sonic restaurants are largely franchisee-owned. Sonic Defendants only directly own about 6% of Sonic restaurants. However, Sonic exerts… Read More
In Thomas v. Kimpton Hotel & Rest. Grp., No. 19-cv-01860-MMC, 2020 U.S. Dist. LEXIS 114170 (N.D. Cal. June 30, 2020), Judge Chesney dismissed part(s) of a data breach claim. The facts were as follows: In the operative complaint, the Third Amended Complaint ("TAC"), plaintiffs allege Kimpton, an entity that "own[s] or manage[s]" a number of hotels (see TAC ¶ 1),… Read More
Attorneys Joseph Guzzetta and Evelina Manukyan published an article with the International Association of Privacy Professionals entitled "How function creep may cripple app-based contact tracing". A link to the Article can be found at: https://iapp.org/news/a/how-function-creep-may-cripple-app-based-contact-tracing/ Read More
In In re Capital One Consumer Data Sec. Breach Litig., No. 1:19md2915 (AJT/JFA), 2020 U.S. Dist. LEXIS 91736, at *5-9 (E.D. Va. May 26, 2020), Judge Anderson found that a consultant's report prepared in connection with a data breach was not entitled to work product protection and must be turned over to the Plaintiffs. The facts were as follows: On… Read More
In Tailford v. Experian Info. Sols., No. SACV 19-02191JVS(KESx), 2020 U.S. Dist. LEXIS 84658 (C.D. Cal. May 12, 2020), Judge Selna dismissed a claim against Experian for failure to disclose in a “file” under the FCRA behavioral data that it maintained on the consumer. The data the Experian maintained was as pleaded as follows: Experian also collects "non-traditional" consumer data… Read More
In Jantzer v. Elizabethtown Cmty. Hosp., No. 8:19-cv-00791 (BKS/DJS), 2020 U.S. Dist. LEXIS 83207 (N.D.N.Y. May 12, 2020), Judge Sannes dismissed a data breach class action for lack of standing. The facts were as follows: UVM Health is Vermont Corporation headquartered in Burlington, Vermont that consists of a "six-hospital and home health & hospice system" located in "Vermont and northern… Read More
In In re Solara Med. Supplies, LLC Customer Data Sec. Breach Litig., No. 3:19-cv-2284-H-KSC, 2020 U.S. Dist. LEXIS 80736 (S.D. Cal. May 7, 2020), Judge Huff allowed a data breach claim to proceed. The facts were as follows: On November 13, 2019, Solara Medical Supplies, LLC ("Solara") notified its customers of a security incident that may have compromised the information… Read More
In Stasi v. Inmediata Health Grp. Corp., No. 19cv2353 JM (LL), 2020 U.S. Dist. LEXIS 79303, at *1-4 (S.D. Cal. May 5, 2020), Judge Miller dismissed a nationwide identity theft/data breach class action. The facts were as follows: Plaintiffs allege that in January of 2019, Inmediata learned it was experiencing a large "data security incident" resulting in the exposure of… Read More
In June 2018, Alastair MacTaggart and Rick Arney of Californians for Consumer Privacy managed to get the California Legislature to pass the most sweeping privacy legislation in the country - the California Consumer Privacy Act of 2018 (“CCPA”). However, as we reported on September 27, 2019, it turns out that they were just getting started with CCPA. On September 25,… Read More
In Holly v. Alta Newport Hosp., Inc., No. 2:19-cv-07496-ODW (MRWx), 2020 U.S. Dist. LEXIS 64104, at *1-3 (C.D. Cal. Apr. 10, 2020), Judge Wright held that a data breach victim, on behalf of a putative class, did not plead enough. The facts were as follows: On October [*2] 18, 2019, Plaintiff Sallie Holly filed her First Amended Complaint ("FAC"). (FAC,… Read More
Forbes reported that it received an email from representatives of Attorney General Xavier Becerra refusing an industry group request to delay enforcement of the California Consumer Privacy Act of 2018 (“CCPA”) due to the ongoing disruptions caused by the response to 2019 novel coronavirus (2019-nCoV) (“COVID-19”). With California on lockdown, and most businesses forced to close or have employees work… Read More
In Campbell v. Facebook, Inc., __ F.3d __, 2020 WL 1023350, The Court of Appeals for the 9th Circuit held that violations of the federal Electronic Communications Privacy Act, 18 U.S.C. § 2510, et seq. (ECPA) and the California Invasion of Privacy Act, Cal. Pen. Code § 630, et seq. (CIPA) are, in and of themselves sufficient, without further allegations… Read More
Alastair Mactaggart penned the attached letter (here) on where he thinks the CCPA falls short, and what he proposes the Senate ought to do to fix it. Read More
