Cyberattack victims can sue data custodians despite not suffering actual identity theft. In determining the plaintiffs’ standing, a growing majority of circuit courts now turn to the nature of stolen data to determine whether the victims experience a “substantial risk” of identity theft.
The U.S. Court of Appeals for the Federal Circuit joined the majority approach—followed by the Sixth, Seventh, and Ninth Circuits—holding that victims alleging personal data theft, including medical identification numbers, have standing to pursue their claims.
A minority of circuits, on the other hand, require data breach compromises to include Social Security or credit card numbers before finding a substantial risk exists. In the wake of significant consumer data breaches, the material circuit split signals a need for U.S. Supreme Court intervention to create a uniform test governing standing in consumer data breach cases.
Premium Content For:
- Litigation Section