Plaintiffs’ Monitoring Activity to Mitigate Increased Risk of Identity Theft Sufficient for Article III Standing in the Sixth Circuit

iStock_000050437260_XXXLarge

The Sixth Circuit, in a 2-1 majority decision, has reinstated a class action lawsuit against Nationwide Mutual Insurance Company, finding that the plaintiffs’ alleged “imminent, immediate and continuing increased risk” of identify fraud after hackers accessed personal data on Nationwide’s servers constituted a “cognizable injury” under Article III. The court’s unpublished decision cited a range of alleged damages from the plaintiffs’ complaint including the time and expense of monitoring their own credit, as well as a study “purporting to show that in 2011 recipients of data-breach notifications were 9.6 times more likely to experience identify fraud, and had a fraud incidence rate of 19%.”

Based on these allegations, the court held: “Here, Plaintiffs’ allegations of a substantial risk of harm, coupled with reasonably incurred mitigation costs, are sufficient to establish a cognizable Article III injury at the pleading stage of the litigation.” Circuit Judge Helene White, writing for the majority, also noted that the court’s conclusion that plaintiffs alleged “a concrete injury suffered to mitigate an imminent harm… is in line with two recent decisions from the Seventh Circuit.” Lewert v. P.F. Chang’s China Bistro, Inc., 819 F.3d 963 (7th Cir. 2016); Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688 (7th Cir. 2015).

Read the full decision here.

Tags: , , ,

1 Comments

  • qinqu.com, 4th Tuesday 2017 at 1:09 am

    Reply

    Ongoing, timely, and consistent document retention policy implementation via purging or organization of such data can reduce storage and litigation costs, mitigate legal and compliance risks, and increase efficiency.


Leave a Comment