Seventh Circuit Affirms Rejection of Data Breach Claims
In what is becoming a disappointing cycle for consumers and plaintiff’s lawyers, the Seventh Circuit last week affirmed dismissal of a class action seeking damages arising out of a data breach. (Access a pdf version of the opinion here.) (Previous discussion of the Acxiom case, Bell v. Acxiom Corp., 2006 U.S. Dist. LEXIS 72477 (Oct. 3, 2006) - where the plaintiffs lost due to lack of standing - here.) The action was brought by customers of Old National Bancorp.
Plaintiffs alleged that ONB had set up a website to “solicit
. . . personal information from applicants for banking services, but had failed
to secure [the site] adequately.” A
breach occurred – NCR, the hosting facility, notified ONB of the breach in
2005. Plaintiffs filed suit in federal
court under the Class Action Fairness Act, and alleged injuries and expenses
owing to monitoring required to prevent future exploitation of the compromised
information. Plaintiffs did not allege
any accrued direct financial losses – only the possibility of future losses,
and of course, losses in the form of their personal data being compromised.
The court looked to
Plaintiffs made numerous arguments – by analogy to other
I’ll say it before and I’ll say it again. It’s time for a federal data breach statute…..
[via Wired's Threat Level]