BreachExchange mailing list archives

Frontiers Of Data Breach Litigation: Standing Issues Presented To Seventh Circuit In Lewart v. P.F. Chang’s China Bistro, Inc.


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 24 Mar 2015 19:07:33 -0600

http://www.jdsupra.com/legalnews/frontiers-of-data-breach-litigation-sta-70540/


In a brief made public on March 10, P.F. Chang’s China Bistro, Inc. urged
the U.S. Court of Appeals for the Seventh Circuit to affirm a lower court’s
decision to toss out two consolidated complaints filed against the company
in the wake of the company’s announcement in June 2014 that customer
payment data in some of its stores had been compromised.  The district
court had found that plaintiffs Lewart and Kosner lacked standing because
they failed to allege actual harm.  On appeal, plaintiffs argue that they
suffered mitigation expenses and temporary loss of their cards and accounts
because of P.F. Chang’s mishandling of the data breach and that this
affords adequate standing.

In the decision below, the district court focused on the fact that neither
plaintiff had alleged that any successful fraudulent charges had been made
on their accounts, let alone that any charges had been unreimbursed by
their banks.  Attempted charges had been made on Kosner’s account, but had
not been honored by his bank.  Any mitigation expenses that the plaintiffs
had incurred were to prevent purely speculative harm.  In its brief to the
Seventh Circuit, P.F. Chang’s echoed this reasoning and highlighted that,
in fact, neither plaintiff had visited a restaurant implicated in the data
breach.

In their opening brief to the Seventh Circuit, the plaintiffs’ statement of
issues is a litany of possible theories for why a person whose personal
information has even potentially been compromised in a company data breach
may suffer injury-in-fact.  Plaintiffs argue, among other things, that they
have been exposed to the risk that their data may be misused in the future,
that they would not have bought P.F. Chang’s goods and services had they
known of the restaurant chain’s mismanagement of customer data, that at
least one of the plaintiffs purchased credit monitoring services as a
consequence of the breach, and that allegations of unreimbursed fraudulent
charges are not necessary given these other harms.

In attempts to overcome the fact that neither of them appears to have
visited a restaurant subject to the data breach, plaintiffs appear to argue
that P.F. Chang’s nevertheless mishandled the disclosure of the data
breach, causing plaintiffs to incur expense to proactively prevent any
damage to their credit, identities, or accounts.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
