E.D. La. Dismisses Data Breach Action for Lack of Standing

At the beginning of May, a federal judge in the Eastern District of Louisiana dismissed a putative class action against eBay stemming from a breach the company experienced in 2014.

In that breach, hackers accessed customers' names, encrypted passwords, dates of birth, and contact information, but no financial data or social security numbers. In that case, the plaintiff did not allege that any of the information accessed was actually misused or that there was any attempt to use it, so his primary theory of injury was based on an increased risk of identity theft. The court concluded "the mere fact that Plaintiff's information was accessed during the Data Breach is insufficient to establish injury-in-fact," and "the potential threat of identity theft or identity fraud, to the extent any exists in this case, does not confer standing on Plaintiff to pursue this action in federal court." The court noted that its disposition was in line with the vast majority of post-Clapper data breach cases to have considered the issue.

© Arnold & Porter Kaye Scholer LLP 2015 All Rights Reserved. This blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.