Last week, the U.S. Court of Appeals for the Ninth Circuit revived a class action lawsuit related to a 2012 data breach, determining that the future risk of identity theft suffices to establish Article III standing, even where there has been no actual harm. At issue in the case, In re Zappos.com, was whether the plaintiffs had standing to bring claims based on a January 2012 data breach where hackers allegedly stole the personal information of more than 24 million Zappos.com Inc. customers—names, account numbers, passwords, email addresses, billing and shipping addresses, telephone numbers, and credit and debit card information.

The decision is likely to have a significant impact on data breach litigation given the number of such cases filed in the Ninth Circuit. The circuits are currently split on the standard for establishing Article III standing in data breach litigation, a split that will likely continue until the Supreme Court addresses the issue.

The Ninth Circuit’s decision also creates a need for companies to revisit their standard breach notification language, as the court revived the claims against Zappos in part because Zappos warned its customers in its notice that they should consider changing their passwords due to the breach, which the court considered evidence that consumers were at risk of harm from the incident.

Click here to read Crowell & Moring’s full alert.

Print:
EmailTweetLikeLinkedIn
Photo of Brandon C. Ge Brandon C. Ge

Brandon C. Ge is an associate in Crowell & Moring’s Washington, D.C. office, where he is a member of the firm’s Privacy & Cybersecurity and Health Care groups.

Brandon advises clients on a wide range of privacy and cybersecurity laws, regulations, and standards.

Brandon C. Ge is an associate in Crowell & Moring’s Washington, D.C. office, where he is a member of the firm’s Privacy & Cybersecurity and Health Care groups.

Brandon advises clients on a wide range of privacy and cybersecurity laws, regulations, and standards. His practice has a particular focus on advising clients – from start-up digital health companies to large health plans – on all aspects of compliance with the Health Insurance Portability and Accountability Act (HIPAA). Brandon regularly assists clients with responding to security incidents and has successfully represented clients in Office for Civil Rights investigations.

Photo of Nathanial J. Wood Nathanial J. Wood

Nathanial Wood is a partner in Crowell & Moring’s Litigation Group in the firm’s Los Angeles office. His practice focuses on the litigation of complex commercial matters, including privacy and cybersecurity and class actions. Nathanial has substantial experience representing clients at all phases…

Nathanial Wood is a partner in Crowell & Moring’s Litigation Group in the firm’s Los Angeles office. His practice focuses on the litigation of complex commercial matters, including privacy and cybersecurity and class actions. Nathanial has substantial experience representing clients at all phases of the litigation process, from pre-litigation counseling through trial and appeals.