Increased Risk of Identity Theft Supports Cyber Attack Victims’ Claims
In the wave of cyber attacks and the ensuing litigation the D.C. Circuit has rendered the first data breach case ruling on standing since the U.S. Supreme Court’s decision in Spokeo v. Robins. Insureds brought a putative class action against health insurer CareFirst, asserting claims for breach of contract, negligence and violation of various state consumer-protection statutes, after their personal information was stolen during a data breach. The trial court dismissed the complaint. The influential federal appeals court reinstated the case claiming the plaintiffs had an increased risk of identity theft upon which their claims could be based. The reviewing court admonished the trial court for giving the complaint an “unduly narrow reading” regarding the nature of the stolen private information.