{"id":464,"date":"2018-02-27T13:56:33","date_gmt":"2018-02-27T18:56:33","guid":{"rendered":"https:\/\/www.amp.legal\/blog\/?p=464"},"modified":"2018-03-28T17:19:51","modified_gmt":"2018-03-28T21:19:51","slug":"path-clears-data-breach-plaintiffs","status":"publish","type":"post","link":"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/","title":{"rendered":"Path Clears For Data Breach Plaintiffs"},"content":{"rendered":"

The U.S. Supreme Court cleared the path for cyber breach\u00a0plaintiffs to establish standing in their lawsuit against CareFirst. The Supreme Court\u2019s refusal to review the lower appeal court\u2019s decision to grant standing for the plaintiffs allows the case to proceed.<\/p>\n

CareFirst is a health insurance company with customers in the District of Columbia, Maryland, and Virginia. In May 2015, CareFirst notified its customers that an unknown\u00a0hacker breached its network in 2014. Once inside, the intruder reached a database that contained the personal information of CareFirst\u2019s customers. The information included names, social security numbers, birth dates, credit cards, and email addresses.<\/p>\n

Shortly after being notified, the victims of the breach filed a federal lawsuit in the District of Columbia. As plaintiffs, the victims alleged that CareFirst failed to properly encrypt its data.<\/p>\n

\"\"Lower Court Decisions<\/h3>\n

In 2016, the federal district court dismissed<\/a> the plaintiff\u2019s case for lacking Article III standing. The district court explained that the risk of future harm\u00a0was\u201d too speculative\u201d to establish the plaintiff\u2019s injury. Also, the district court found the plaintiffs were missing the requirement that there be an \u201cactual or imminent\u201d injury. As a result of the ruling, the plaintiffs appealed the district court\u2019s decision.<\/p>\n

In 2017, the federal appeals court examined<\/a> whether the plaintiffs had \u201cplausibly alleged a risk of future injury.\u201d The appeals court weighed if the future injury was \u201csubstantial enough to create Article III standing.\u201d After reviewing the appeal, the appeals court reversed the lower district court’s decision. The appeals court held that the plaintiff\u2019s standing only required injuries that are \u201cfairly traceable\u201d to CareFirst. The\u00a0standing analysis viewed the plaintiffs as prevailing if CareFirst failed to properly secure it customers’ data. As a result, the failure to secure data would expose the plaintiffs to a substantial risk of identity theft.<\/p>\n

On February 16, 2018, the Supreme Court denied<\/a> CareFirst’s appeal to review the case.\u00a0Advocates for CareFirst declared their disappointment with the Supreme Court for not\u00a0breaking a\u00a0circuit split<\/a>. The Third, Fourth, and Eighth Circuits said that a threat of harm or an increased risk was\u00a0insufficient to establish standing. Meanwhile, the Sixth, Seventh, and Ninth Circuits, along with the District of Columbia, granted standing based on an increased risk of future identity theft.<\/p>\n

Corporate Accountability<\/h3>\n

CareFirst\u2019s inability to get the lawsuit dismissed\u00a0shows a more favorable view of standing for cyber breach plaintiffs. In Data Breach Today<\/a>, Attorney Jonathan Nance,\u00a0representing\u00a0the plaintiffs, points out that \u201cdata breaches are happening all of the time.\u201d Nance further added, \u201cThe D.C. Circuit’s opinion and the Supreme Court’s decision to deny cert simply indicate that our courts will permit citizens to hold corporations accountable when they fail to take reasonable precautions to protect our data.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

The U.S. Supreme Court cleared the path for cyber breach\u00a0plaintiffs to establish standing in their lawsuit against CareFirst. The Supreme Court\u2019s refusal to review the lower appeal court\u2019s decision to grant standing for the plaintiffs […]<\/p>\n","protected":false},"author":1,"featured_media":465,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[27],"tags":[69,74,25,64],"yoast_head":"\nPath Clears For Data Breach Plaintiffs - Cyber Law Blog<\/title>\n<meta name=\"description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Path Clears For Data Breach Plaintiffs - Cyber Law Blog\" \/>\n<meta property=\"og:description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Law Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-27T18:56:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-03-28T21:19:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/02\/Light-path.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/\"},\"author\":{\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\"},\"headline\":\"Path Clears For Data Breach Plaintiffs\",\"datePublished\":\"2018-02-27T18:56:33+00:00\",\"dateModified\":\"2018-03-28T21:19:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/\"},\"wordCount\":465,\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"keywords\":[\"attorney\",\"breach litigation\",\"data breach\",\"hacker\"],\"articleSection\":[\"Cyber Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/\",\"name\":\"Path Clears For Data Breach Plaintiffs - Cyber Law Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\"},\"datePublished\":\"2018-02-27T18:56:33+00:00\",\"dateModified\":\"2018-03-28T21:19:51+00:00\",\"description\":\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.amp.legal\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Path Clears For Data Breach Plaintiffs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"name\":\"Cyber Law Blog\",\"description\":\"Exploring technology law in cyberspace\",\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.amp.legal\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\",\"name\":\"Alice M. Porch, P.A.\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"contentUrl\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"width\":1104,\"height\":1114,\"caption\":\"Alice M. Porch, P.A.\"},\"image\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\",\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"caption\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\"},\"description\":\"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.\",\"sameAs\":[\"https:\/\/www.aliceporch.com\",\"https:\/\/www.linkedin.com\/in\/alice-m-porch\/\"],\"url\":\"https:\/\/www.amp.legal\/blog\/author\/amplegal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Path Clears For Data Breach Plaintiffs - Cyber Law Blog","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/","og_locale":"en_US","og_type":"article","og_title":"Path Clears For Data Breach Plaintiffs - Cyber Law Blog","og_description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","og_url":"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/","og_site_name":"Cyber Law Blog","article_published_time":"2018-02-27T18:56:33+00:00","article_modified_time":"2018-03-28T21:19:51+00:00","og_image":[{"width":900,"height":525,"url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/02\/Light-path.png","type":"image\/png"}],"author":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/#article","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/"},"author":{"name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f"},"headline":"Path Clears For Data Breach Plaintiffs","datePublished":"2018-02-27T18:56:33+00:00","dateModified":"2018-03-28T21:19:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/"},"wordCount":465,"publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"keywords":["attorney","breach litigation","data breach","hacker"],"articleSection":["Cyber Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/","url":"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/","name":"Path Clears For Data Breach Plaintiffs - Cyber Law Blog","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/#website"},"datePublished":"2018-02-27T18:56:33+00:00","dateModified":"2018-03-28T21:19:51+00:00","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","breadcrumb":{"@id":"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.amp.legal\/blog\/path-clears-data-breach-plaintiffs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amp.legal\/blog\/"},{"@type":"ListItem","position":2,"name":"Path Clears For Data Breach Plaintiffs"}]},{"@type":"WebSite","@id":"https:\/\/www.amp.legal\/blog\/#website","url":"https:\/\/www.amp.legal\/blog\/","name":"Cyber Law Blog","description":"Exploring technology law in cyberspace","publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amp.legal\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.amp.legal\/blog\/#organization","name":"Alice M. Porch, P.A.","url":"https:\/\/www.amp.legal\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","contentUrl":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","width":1104,"height":1114,"caption":"Alice M. Porch, P.A."},"image":{"@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f","name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","caption":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+"},"description":"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.","sameAs":["https:\/\/www.aliceporch.com","https:\/\/www.linkedin.com\/in\/alice-m-porch\/"],"url":"https:\/\/www.amp.legal\/blog\/author\/amplegal\/"}]}},"_links":{"self":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/464"}],"collection":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/comments?post=464"}],"version-history":[{"count":15,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/464\/revisions"}],"predecessor-version":[{"id":508,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/464\/revisions\/508"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media\/465"}],"wp:attachment":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media?parent=464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/categories?post=464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/tags?post=464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}