Plaintiffs’ Monitoring Activity to Mitigate Increased Risk of Identity Theft Sufficient for Article III Standing in the Sixth Circuit
The Sixth Circuit, in a 2-1 majority decision, has reinstated a class action lawsuit against Nationwide Mutual Insurance Company, finding that the plaintiffs’ alleged “imminent, immediate and continuing increased risk” of identify fraud after hackers accessed personal data on Nationwide’s servers constituted a “cognizable injury” under Article III. The court’s unpublished decision cited a range of alleged damages from the plaintiffs’ complaint including the time and expense of monitoring their own credit, as well as a study “purporting to show that in 2011 recipients of data-breach notifications were 9.6 times more likely to experience identify fraud, and had a fraud incidence rate of 19%.”
Based on these allegations, the court held: “Here, Plaintiffs’ allegations of a substantial risk of harm, coupled with reasonably incurred mitigation costs, are sufficient to establish a cognizable Article III injury at the pleading stage of the litigation.” Circuit Judge Helene White, writing for the majority, also noted that the court’s conclusion that plaintiffs alleged “a concrete injury suffered to mitigate an imminent harm… is in line with two recent decisions from the Seventh Circuit.” Lewert v. P.F. Chang’s China Bistro, Inc., 819 F.3d 963 (7th Cir. 2016); Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688 (7th Cir. 2015).