Accordingly, we first consider both standing and damages. The assessment of whether these plaintiffs have suffered a cognizable injury-in-fact (as required for Article III standing) is necessarily intertwined with the type and viability of the harms they allege. We focus first on the challenges that plaintiffs face in establishing standing and damages. In this note, we explore the latest developments in private data breach litigation. The result is that large settlements of consumer data breach cases are now quite common, with notable recent resolutions involving T-Mobile ($350 million to consumers), Equifax ($380.5 million), Capital One ($190 million), Zoom ($85 million), Hy-Vee ($20 million), and Home Depot ($12.88 million). In the intervening years, however, the plaintiffs’ bar has developed a series of creative theories that have frequently succeeded in moving data breach actions beyond the pleadings stage. Their task was complicated by facts that, by their nature, often involve incremental risk and latent harm. Private plaintiffs during the initial wave of data breach litigation struggled to establish standing or successfully plead duty, causation, and damages. These private actions, had they been pursued a decade earlier, would have faced little prospect of success. Private plaintiffs typically race to the courthouse to jockey for position, with complaints now brought on average within four weeks of a breach announcement. 36 major data breach class actions were filed in 2021, a 44% increase from 2020. Private civil litigation is now a probability, not a possibility, after a major data breach. Ĭompanies face yet another major risk after a data breach-one which is increasing exponentially-data breach litigation brought by private plaintiffs, often in the form of class actions brought by sophisticated plaintiffs’ counsel who specialize in such cases. For instance, following its 2017 data breach (which affected almost 150 million Americans), Equifax faced litigation brought by 48 states, as well as the District of Columbia and Puerto Rico, which it settled for $175 million, and an enforcement action pursued by the Consumer Financial Protection Bureau, which it resolved for $100 million in civil penalties. Costly regulatory action is also likely to follow. Sixty percent of businesses have been compelled to increase the price of their services or products because of a data breach. But companies also face fiscal consequences that go well beyond the technical cost of redressing the breach, possible reputational harm to their brands, and potential declines in share price. Given that 83% of organizations have now suffered more than one data breach, the prospect of a business facing reoccurring costs in this area is a virtual certainty. companies reached a record high-$9.44 million. In 2022, the average cost of a data breach for U.S. Given the rise in remote working, the shift to cloud-based storage, and the ever-increasing sophistication of cybercriminals, data security risk is not going away.ĭata breaches produce immense financial aftershocks for targeted companies. In the past three years, industry-leading companies such as Microsoft (250 million records, December 2019), Wattpad (268 million records, June 2020), Meta/Facebook (267 million users, April 2020), Estee Lauder (440 million records, January 2020), Whisper (900 million records, March 2020), and Advanced Info Service (8.3 billion records, May 2020) have experienced significant breach events. Data breaches are every day occurrences and major high profile breaches are becoming more common.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |