A court in the District of South Carolina recently denied class certification in a putative consumer data breach class action after concluding that the proposed class and sub-classes were not ascertainable. See In re Blackbaud, Inc., Customer Data Breach Litigation, 2024 WL 21555221 (D.S.C. May 14, 2024).
In February 2022, plaintiffs filed suit against Blackbaud, a business-to-business software company that sells cloud-computing services to social good organizations. Plaintiffs, who had provided personal information to Blackbaud’s customers, alleged that their information was compromised during a breach of Blackbaud’s data centers. In December 2022, plaintiffs moved to certify nationwide and sub-classes representing individuals whose “unencrypted information was stored on the database” of a Blackbaud customer. In support of class certification, plaintiffs sought to demonstrate that the proposed classes were ascertainable by relying on (1) expert opinion, (2) Blackbaud’s discovery responses, (3) customer notices Blackbaud sent following the breach, and (4) Blackbaud’s use of a database to comply with the California Consumer Privacy Act. The court rejected each of those arguments.Continue Reading South Carolina Federal Court Denies Class Certification in Consumer Data Breach Case