PogoWasRight.org

Menu
  • About
  • Privacy
Menu

Once Again, Clapper Defeats Data Breach Class Action

Posted on February 15, 2014July 1, 2025 by Dissent

I had noted the Galaria opinion and order over on databreaches.net,  but Judy Selby has a discussion of the ruling in terms of the impact of the Supreme Court’s ruling in Clapper that is worth noting here:

Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused.  In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held that the plaintiffs did not sustain an injury sufficient to confer standing to sue Nationwide following a 2012 hacking incident during which their personally identifying information (PII) was stolen.

The plaintiffs alleged that as a result of the breach, they incurred and will continue to incur damages consisting of (1) the imminent, immediate, and continuing increased risk of identity theft, identity fraud and/or medical fraud; (2) out-of-pocket expenses to purchase credit monitoring, internet monitoring, identity theft insurance and/or data breach risk mitigation products; (3) out-of-pocket expenses incurred to mitigate the increased risk of identity theft, identity fraud and/or medical fraud, including the costs of placing and removing credit freezes; (4) the value of time spent mitigating the increased risk of identity theft, identity fraud and/or medical fraud; (5) the substantially increased risk of being victimized by phishing; (6) loss of privacy; and (7) deprivation of the value of their PII.  The court grouped those alleged damages into three categories: (1) increased risk of harm/cost to mitigate increased risk; (2) loss of privacy; and (3) deprivation of value of PII.  The plaintiffs asserted claims for violation of the Fair Credit Reporting Act (FCRA), negligence, invasion of privacy and bailment, but they did not allege that their PII was misused or that their identity was stolen.  Nationwide moved to dismiss the complaint based on lack of standing and failure to state a claim.

Read more on Data Privacy Monitor.

No related posts.

Category: BreachesBusinessCourt

Post navigation

← UK: Rights groups openly challenge GCHQ in court
PA: Student responsible for ‘CASHS Confessions’ caught →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

RSS Recent Posts on DataBreaches.net

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy