11th Circuit, causation, cognizable harm, damages, data breach, data security, Hannaford data breach payment card PCI DSS, identity the, motion to dismiss, motion to dismiss negligence security breach litigation standing injury-in-fact, negligence
Eleventh Circuit Rules "Damages" Properly Alleged in Data Breach-Identity Theft Lawsuit
By InfoLawGroup LLP on September 17, 2012
authentication, comerica, commercially reasonable security, contracting, experimetal, FFIEC, layered security, multifactor authentication, patco, phishing, reasonable, Red Flags Rule, Security, security breach, security breach litigation, token, UCC 4A-202
The Duty to Authenticate Identity: the Online Banking Breach Lawsuits
By InfoLawGroup LLP on April 17, 2012
We have entered an era where our commercial transactions are increasingly being conducted online without any face-to-face interaction, and without the traditional safeguards used to confirm that a party is who they purport to be. The attenuated nature of many online relationships has created an opportunity for criminal elements to steal or spoof online identities and use them for monetary gain. As such, the ability of one party to authenticate the identity of the other party in an online transaction is of key importance.To counteract this threat, the business community has begun to develop new authentication procedures to enhance the reliability of online identities (so that transacting parties have a higher degree of confidence that the party on the other end of an electronic transaction is who they say they are). At the same time, the law is beginning to recognize a duty to authenticate. This blogpost post looks at two online banking breach cases to examine what courts are saying about authentication and commercially reasonable security.
damages, data breach, Hannaford, motion to dismiss Hannaford data breach payment card PCI DSS, payment card, PCI DSS
Federal Appeals Court Holds Identity Theft Insurance/Credit Monitoring Costs Constitute "Damages" in Hannaford Breach Case
By InfoLawGroup LLP on October 24, 2011
In a significant development that could materially increase the liability risk associated with payment card security breaches (and personal data security breaches, in general), the U.S. Court of Appeals 1st Circuit (the "Court of Appeals") held that payment card replacement fees and identity theft insurance/credit monitoring costs are adequately alleged as mitigation damages for purposes of negligence and an implied breach of contract claim. The decision in Hannaford could be a game changer in terms of the legal risk environment related to personal data breaches, and especially payment card breaches where fraud has been perpetrated. In this post, we summarize the key issues and holdings of the Court of Appeals.
Breach, damages, litigation, personal information, privacy, security breach litigation
California Federal Court Holds that Damages Properly Alleged in RockYou Data Breach Case
By InfoLawGroup LLP on April 19, 2011
In what may be a sign of an evolving judicial atmosphere and approach concerning data breach lawsuits, a Federal judge in the Northern District of California District Court recently refused to dismiss various causes of action related to a data breach involving RockYou. In particular, the Court explored the issue of whether the plaintiff sufficiently alleged "harm" arising out of the data breach. This blog post takes a look the highlights of the Court's decision.
Breach, consumer fraud law, damages, duty, employee, employee privacy, employer, litigation, negligence, notification, social security number
IL Appellate Court: No Duty Exists to Safeguard SSNs for Purposes of a Negligence Claim
By InfoLawGroup LLP on February 03, 2011
InfoLawGroup recently discovered a new data breach case, one of the first that we are aware of in the United States, that dives deep into the issue of whether a common law duty exists to safeguard personal information. In Cooney, et. al v. Chicago Public Schools, et. al¸ an Illinois appellate court actually rendered a decision holding that no such duty exists under Illinois law. In this blogpost we take a closer look at the court's rationale for dismissing the plaintiffs' negligence claim, as well as the other interesting holdings of the court.
damages, Hannaford, litigation, payment card, PCI DSS, security breach
"Damages" Last Stand - Maine Supreme Court Puts an End to the Hannaford Bros. Breach Suit
By InfoLawGroup LLP on September 22, 2010
The Maine Supreme Court has rendered its opinion on the "damages" issue in the Hannaford Bros. consumer security breach lawsuit. Again, the plaintiffs have been unable to establish that they suffered any harm as a result of the Hannaford security breach. Specifically, the Court ruled that "time and effort" alone spent to avoid or remediate reasonably foreseeable harm do not constitute "a cognizable injury for which damages may be recovered." In this blogpost we take a closer look at the Court's rationale.
damages, injury-in-fact, motion to dismiss negligence security breach litigation standing injury-in-fact, negligence, security breach litigation, standing
Quickhits: Federal Judge Dismiss Aetna Data Breach Case Due to Lack of "Injury-in-fact"
By InfoLawGroup LLP on March 12, 2010
4A-202, banking, Breach, FFIEC, litigation, measures, online, reasonable, reasonable security, Security, security breach litigation, Shames-Yeakel, standards, UCC, UCC 4A-202
The Curious Case of EMI v. Comerica: A Bellwether on the Issue of "Reasonable Security"?
By InfoLawGroup LLP on February 24, 2010
ADCR, banking, Breach, Heartland, PCI DSS, security breach litigation, settlement
Issuing Banks File Class Action Suit Against Acquiring Banks in Heartland Breach Matter
By InfoLawGroup LLP on January 21, 2010
banking, FFIEC, measures, online, online banking, reasonable, reasonable security, Security, security breach litigation, security breach litigation security measures, security standards, Shames-Yeakel, UCC 4A-202
Online Banking and "Reasonable Security" Under the Law: Breaking New Ground?
By InfoLawGroup LLP on January 13, 2010
Breach, Cloud, Countrywide, credit monitoring, security breach litigation, security measures, settlement
Quickhits: Security in the Ether; Countrywide Settles Data Breach Case
By InfoLawGroup LLP on January 05, 2010
ADCR, BJ, BJ Wholesale Club, Breach, card, Club, damages, doctrine, economic, economic loss doctrine, fraud, Hannaford, litigation, loss, Massachusetts, mastercard, negligence, payment, payment card, PCI DSS, PCI DSS litigation, retailers, TJX, unfair practices, unfair practices Massachusetts visa mastercard ADCR, visa, Wholesale
Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift
By InfoLawGroup LLP on December 23, 2009
payment card, payment card security breach litigation, PCI DSS, PCI DSS heartland, security breach litigation
Quickhits: AMEX settles with Heartland Payment Systems for $3.6 Million
By InfoLawGroup LLP on December 22, 2009
litigation, payment, payment card, PCI DSS, PCI DSS Radiant Systems, Radiant, Savvis, security breach litigation, security breach litigation service provider, service provider, Systems
The Merchants Strike Back?
By InfoLawGroup LLP on December 03, 2009
class action, FTC, Hannaford, malware, negligence, security breach litigation, SQL injection, State case law
Merchant Liability for "Time and Effort" Following Security Breach?
By W. Scott Blackmer on October 09, 2009
This week the federal court in the Hannaford class action asked the highest court in Maine to clarify whether cardholders' "loss of time and effort" are sufficient injuries to ground a negligence claim following a payment card security breach.
