Info Law Group

Quickhits: Federal Judge Dismiss Aetna Data Breach Case Due to Lack of "Injury-in-fact"

A Federal judge in the U.S. District Court for the Eastern District of Pennsylvania dismissed a class action lawsuit arising out of a data security breach involving Aetna, Inc. (original compliant found here).  The basis of the dismissal was the plaintiff's lack of standing due to its failure to allege an "injury in fact"  (the dismissal was under section 12(b)(1) of the Federal Rules of Civil Procedure).  In particular the court held that the plaintiff's alleged injury in the form of an increased risk of identity theft is far too speculative based on the factual allegations.  

The following quote cited by the court (from another case), is indicative of the court's reasoning:

[f]or plaintiff to suffer the injury and harm he alleges, many ‘if’s’ would have to come to pass. Assuming plaintiff’s allegation of security breach to be true, plaintiff alleges that he would be injured ‘if’ his personal information was compromised, and ‘if’ such information was obtained by an unauthorized third party, and ‘if’ his identity was stolen as a result, and ‘if’ the use of his stolen identity caused him harm. These multiple ‘if’s’ squarely place plaintiff’s claimed injury in the realm of the hypothetical. If a party were allowed to assert such remote and speculative claims to obtain federal court jurisdiction, the Supreme Court’s standing doctrine would be meaningless.

Note that the basis of this dismissal was not a "failure to state a claim" under 12(b)(6).  Rather this decision basically held that the plaintiffs could not even get a hearing in court on a 12(b)(6) motion because the court lacked subject matter jurisdiction to hear the case at all.  Also note that other courts have found standing for data breach cases, including the Seventh Circuit in Pisciotta.  However, those that have proceeded past the 12(b)(2) motion have often been dismissed under 12(b)(6).  In all, no matter how it happened, it appears that plaintiffs still have significant challenges moving consumer data breach cases further toward trial.

More commentary can be found here.

 

 

Trackbacks (0) Links to blogs that reference this article Trackback URL
http://www.infolawgroup.com/admin/trackback/190974
Comments (0) Read through and enter the discussion with the form at the end
New York Office
244 Fifth Avenue, Suite 2580
New York, NY 10001
Tel:
646.389.1289

Denver Office
1117 S. Clarkson St.
Denver, CO 80210
Tel:
303.325.3528

Los Angeles Office
1500 Rosecrans Ave., Suite 500
Manhattan Beach, CA 90266
Tel:
310.706.4121

Salt Lake Office
5962 S. Fontaine Bleu Dr
Salt Lake City, UT 84121
Tel:
801.953.3858

Connecticut Office
21B Hoydens Hill Road
Fairfield, CT 06824
Tel:
203.292.0667

Chicago Office
225 W. Washington, 22nd Floor
Chicago, IL 60606
Tel:
312.204.7199