PogoWasRight.org

Menu
  • About
  • Privacy
Menu

Private Data Breach Litigation Comes of Age

Posted on February 16, 2023June 24, 2025 by Dissent

Quinn Emanuel Urquhart & Sullivan, LLP write, in part:

Companies face yet another major risk after a data breach—one which is increasing exponentially—data breach litigation brought by private plaintiffs, often in the form of class actions brought by sophisticated plaintiffs’ counsel who specialize in such cases.  Private civil litigation is now a probability, not a possibility, after a major data breach.  36 major data breach class actions were filed in 2021, a 44% increase from 2020.  Private plaintiffs typically race to the courthouse to jockey for position, with complaints now brought on average within four weeks of a breach announcement.

These private actions, had they been pursued a decade earlier, would have faced little prospect of success.  Private plaintiffs during the initial wave of data breach litigation struggled to establish standing or successfully plead duty, causation, and damages See, e.g., In re: Adobe Sys., Inc. Privacy Litig., 66 F. Supp. 3d 1197, 1212 (N.D. Cal. 2014) (noting that “courts in data breach cases regularly” dismiss claims because “increased risk of future harm is insufficient to confer Article III standing”); In re: Sony Gaming Networks & Customer Data Sec. Breach Litig., 996 F. Supp. 2d 942, 963-65 (S.D. Cal. 2014) (dismissing negligence claims because “Plaintiffs’ allegations of causation and harm are wholly conclusory” and Plaintiffs “failed to allege a single cognizable injury proximately caused by Sony’s resulting breach”). Their task was complicated by facts that, by their nature, often involve incremental risk and latent harm.  In the intervening years, however, the plaintiffs’ bar has developed a series of creative theories that have frequently succeeded in moving data breach actions beyond the pleadings stage.  The result is that large settlements of consumer data breach cases are now quite common, with notable recent resolutions involving T-Mobile ($350 million to consumers), Equifax ($380.5 million), Capital One ($190 million), Zoom ($85 million), Hy-Vee ($20 million), and Home Depot ($12.88 million).

This article explores the latest developments in private data breach litigation.  We focus first on the challenges that plaintiffs face in establishing standing and damages.  The assessment of whether these plaintiffs have suffered a cognizable injury-in-fact (as required for Article III standing) is necessarily intertwined with the type and viability of the harms they allege.  Accordingly, we first consider both standing and damages.  We then analyze the state-of-the-art claims currently being asserted by plaintiffs and the defenses being deployed by companies in response.  Finally, we conclude with a discussion of expected future trends.

Read the full article at JDSupra.

No related posts.

Category: BreachesBusinessCourtLawsU.S.

Post navigation

← Biden Team Mulls Using Privacy Rule Amid State Abortion Bans
Ron DeSantis requested the medical records of trans students who sought care at Florida’s public universities. Now students are planning a statewide walkout. →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • Navigating Privacy Gaps and New Legal Requirements for Companies Processing Genetic Data
  • Germany’s top court holds that police can only use spyware to investigate serious crimes
  • Flightradar24 receives reprimand for violating aircraft data privacy rights
  • Nebraska Attorney General Sues GM and OnStar Over Alleged Privacy Violations
  • Federal Court Allows Privacy Related Claims to Proceed in a Proposed Class Action Lawsuit Against Motorola
  • Italian Garante Adopts Statement on Health Data and AI
  • Trump administration is launching a new private health tracking system with Big Tech’s help

RSS Recent Posts on DataBreaches.net

  • Updating: Two Telegram channels and two accounts banned, one bounty offered, and BreachForums goes down
  • North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online
  • Hackers post stolen St. Paul data online as efforts to reset city employee passwords surge forward
  • Justice Department Announces Coordinated Disruption Actions Against BlackSuit (Royal) Ransomware Operations
  • NL: Hackers breach cancer screening data of almost 500,000 women
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy