Data breach victims may find it easier to get their day in court following a precedential ruling by a federal appellate court. In Remijas v. Neiman Marcus Group, LLC, the federal appellate court bucked the prevailing trend toward dismissing such lawsuits for lack of standing under Article III of the U.S. Constitution, which generally requires a “concrete and particularized injury.” Instead, the court held that allegations of future fraudulent charges and identity theft were sufficient to establish Article III standing in a putative data breach class action because there was a “substantial risk” that harm would occur. Leaders of the ABA Section of Litigation suggest that Remijas may provide a blueprint for plaintiffs seeking to overcome the standing hurdle.
The Neiman Marcus Data Breach
In January 2014, Neiman Marcus disclosed that it had suffered a data breach that compromised credit card information for approximately 350,000 of its customers. Of those customers, 9,200 were estimated to have incurred fraudulent charges. Neiman Marcus offered one year of credit monitoring and identity theft protection to those affected.