On October 17, the District of Massachusetts added to the growing line of federal courts that have held a mere data breach, without additional harm, is insufficient to grant customers Article III standing.  See Webb v. Injured Workers Pharmacy, LLC, 2022 WL 10483751, at *1 (D. Mass. Oct. 17, 2022).  In February 2022, a home delivery pharmacy notified over 75,000 affected customers that hackers broke through its defenses and accessed patients’ personal data.  Two of these customers filed a putative class action against the pharmacy, alleging various tort and contract theories.  The court dismissed their claims for lack of standing, holding that plaintiffs had failed to allege any actionable harm stemming from the data breach despite their allegations that the breach caused them significant emotional harm.

Continue Reading Data Breach, Without Allegations of Misuse, Isn’t Enough for Article III Standing

A court in the District of Kansas recently remanded a data breach class action against a hospital to state court for lack of standing, holding that the named plaintiffs had failed to demonstrate any injury in fact that was fairly traceable to the exposure of their personal and health information.  See Memorandum and Order, Blood v. Labette County Medical Center, No. 5:22-cv-04036-HLT-KGG (D. Kansas Oct. 20, 2022), ECF 27.

Continue Reading Hospital Data Breach Class Action Fails Due to “Speculative” Injury

Following a week-long trial, a jury in Illinois awarded a plaintiff class of truck drivers a $228 million verdict against BNSF Railways for violations of the Illinois Biometric Information Privacy Act (“BIPA”).  The large verdict, arising from the first case to go to trial under the 2008 law, highlights the potential impact of class actions brought under this statute.

Continue Reading Illinois BIPA jury verdict highlights rising prominence of class actions based on state privacy statutes

The Eleventh Circuit, sitting en banc, recently applied TransUnion to hold that a plaintiff lacked Article III standing to bring claims under the Fair Debt Collection Practices Act.  Hunstein v. Preferred Collection & Mgmt. Servs., Inc., No. 19-14434, 2022 WL 4102824 (11th Cir. Sept. 8, 2022)(en banc).  The en banc decision reversed a controversial panel decision allowing a plaintiff to sue a collection agency for disclosing information about his debt to the agency’s mail vendor.

Continue Reading Eleventh Circuit, Sitting En Banc, Reverses Panel Decision And Holds FDCPA Plaintiff Lacks Standing

The Third Circuit recently reinstated the putative class action Clemens v. ExecuPharm Inc., concluding there was sufficient risk of imminent harm after a data breach to confer standing on the named plaintiff when the information had been posted on the Dark Web.

Continue Reading Data Breach and the Dark Web: Third Circuit Allows Class Action Standing With Sufficient Risk of Harm

Last week the Third Circuit reversed a summary judgment ruling in favor of Harriet Carter Gifts and NaviStone for alleged violations of Pennsylvania’s Wiretapping and Electronic Surveillance Control Act, or WESCA.  See Popa v. Harriet Carter Gifts, Inc., Case No. 21-2203, 2022 WL 3366425 (3rd Cir. Aug. 16, 2022). This lawsuit is one of many recent putative class actions attempting to apply decades-old wiretapping laws against websites and their service providers.  The named plaintiff is a consumer that allegedly shopped on Harriet Carter Gifts’ website while NaviStone’s marketing software was installed on the website.  Plaintiff argued that defendants violated WESCA by simultaneously sending her interactions with Harriet Carter’s website to NaviStone.

Continue Reading Third Circuit Revives Wiretapping Claims Against Marketing Software Company

A settlement class that Judge Lewis A. Kaplan (S.D.N.Y.) was likely to approve circa June 2021 was rejected “on further reflection” last week, due to a lack of information about how the lead plaintiff stacked up against a class of largely “anonymous” crypto investors. 

Continue Reading Crypto Class Settlement Nixed Due to Insufficient Data on “Anonymous” Investors 

The Northern District of California denied class certification in a data breach suit against Zoosk, an online dating service, concluding that the lead plaintiff had waived any right to represent a class by agreeing to a class-action waiver.  See Order Denying Class Certification, Flores-Mendez v. Zoosk, Inc., No. 3:20-04929-WHA (N.D. Cal. July 27, 2022).

Continue Reading Class Certification Denied in Data Breach Class Action Based on Class-Action Waiver in Terms of Service

On July 21, the federal district court denied remand of a proposed class action against Build-A-Bear Workshop, Inc., rejecting the plaintiff’s attempt to remand based merely on Build-A-Bear raising lack of standing as an affirmative defense in its answer.  See Order Denying Motion to Remand, Ruby v. Build-A-Bear Workshop, Inc., No. 4:21-cv-01152-JAR (E.D. Mo. July 21, 2022).

Continue Reading Court Denies Motion to Remand Build-A-Bear TCPA Suit When Standing Raised as an Affirmative Defense

Last week, the Northern District of California dismissed a putative class action lawsuit against Google, which alleged that the company used a secret program called “Android Lockbox” to spy on Android smartphone users.  See Order Granting Motion to Dismiss, Hammerling v. Google LLC, No. 21-cv-09004-CRB (N.D. Cal. July 18, 2022).  The complaint alleged ten different claims for relief under a variety of legal theories, including privacy, fraud, contract, and California’s Unfair Competition Law.  The Court granted Google’s motion to dismiss on all claims.  Although the Court gave plaintiffs leave to amend, it noted that the deficiencies in the complaint “will be difficult to cure,” signaling that plaintiffs face an uphill battle in keeping this lawsuit alive.

Continue Reading Court Tosses “Android Lockbox” Secret Spying Program Class Action