PogoWasRight.org

Menu
  • About
  • Privacy
Menu

Third Circuit Finds Standing for Victim of Data Breach, Citing ‘Imminent Harm’

Posted on November 23, 2022June 24, 2025 by Dissent

Harris Freier and Avi R. Jerushalmy write:

It comes as no surprise that cybersecurity is at the forefront of business owners’ minds across the globe. Corporate cyberattacks were at an all-time high last year, up 50% year over year. The Cybersecurity and Infrastructure Security Agency reported in February that it is aware of ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors.

Ransomware attacks against notable American companies have made headlines, and the actions of these companies in response to those attacks have caused controversy. The stakes are high, as a ransomware attack will cost a company an average total of $4.54 million. The U.S. Court of Appeals for the Third Circuit recently issued an important ruling in the cyber data space. On Sept. 2, the court held that a plaintiff successfully established standing after hackers accessed personal information (PI) from her former employer and published it on the dark web, without requiring her to prove she suffered any actual harm. See Clemens v. ExecuPharm. This ruling makes it easier for victims of identity theft to sue employers, vendors, or any other company that is the victim of a cybersecurity breach even before—or even if they never— experience provable financial harm. The Third Circuit’s decision is in keeping with other jurisdictions that have focused on the exposure of personally identifiable information as the actual harm, rather than a subsequent harm such as identity theft.

Read more at Law.com.

 

No related posts.

Category: BreachesCourtU.S.

Post navigation

← VICTORY! Congress Sends the Safe Connections Act to the President’s Desk
A Hospital Mailed a Patient’s Confidential Diagnosis to a Rando. You’ll Never Guess What Happened Next–ZD v. Community Health →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • Attorney General James Takes Action to Protect Sensitive Personal Information of Tens of Millions of People
  • Searches of Your Private Data in the Cloud Amount to Illicit State Action
  • How a Tax Subpoena in Ohio Tests European Privacy Law
  • Cambodia moves to enact comprehensive data privacy law
  • White House ordered to restore Medicaid funding to Planned Parenthood clinics
  • California Attorney General Announces $1.55M CCPA Settlement with Healthline.com
  • Canada’s Bill C-2 Opens the Floodgates to U.S. Surveillance

RSS Recent Posts on DataBreaches.net

  • Oops! Catasauqua employees’ Social Security numbers, other data accidentally sent to government watchdog group
  • EU-wide Breach Notification Template on the Horizon
  • Sex toy maker Lovense caught leaking users’ email addresses and exposing accounts to takeovers
  • Hackers wipe out Rs 384 crore from Bengaluru cryptocurrency firm Neblio Technologies; firm says inside job
  • Intelligence cyberattack on Crimea. Documents confirming abduction of children from Ukraine found
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy