follow-up: Man loses fight against firm that suffered data breach

[security curmudgeon <jericho () attrition org>]

http://www.theregister.co.uk/2009/12/03/data_breach_plaintiff_loses/

Man loses fight against firm that suffered data breach
Harm? What harm?
By Dan Goodin in San Francisco

A Missouri man has lost his legal battle against an online prescription 
processor that suffered a security breach that exposed highly sensitive 
subscriber information.

John Amburgy alleged that Express Scripts was negligent because it failed 
to adequately safeguard customer data, including names, dates of birth, 
social security numbers, and prescription drug histories. He argued that 
the breach in October 2008 that exposed an unknown number of subscribers' 
details put him at risk of identity theft for which he was entitled to 
compensation.

A federal judge late last month disagreed. For the case to go forward, he 
said, Amburgy had to show his alleged injury was beyond mere possibility.

"In short, plaintiff does not claim that his personal information has in 
fact been stolen and/or his identity compromised," US Magistrate Judge 
Frederick R. Buckles wrote in a decision dismissing the case. "Rather, 
plaintiff surmises that, as a result of the security breach, he faces an 
increased risk of identity theft at an unknown point in the future."

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php