Securities Firm Data Breach Class Action Goes Down in Absence of Actual Damages
Close
 

Securities Firm Data Breach Class Action Goes Down in Absence of Actual Damages

In 2013 hackers accessed the internal database of securities brokerage firm Scottrade, acquiring the personal identifying information (“PII”) of over 4.6 million customers. The cyber thieves exploited the PII to operate a stock price manipulation scheme, illegal gambling websites and a Bitcoin exchange. Victims of the data breach filed putative class actions against Scottrade claiming breach of contract, breach of implied contract, unjust enrichment, declaratory judgment, and violation of the Missouri Merchandising Practices Act (“MMPA”). The Eighth Circuit held plaintiffs had Article III standing for their contract-related claims, but affirmed the trial court’s dismissal with prejudice because the consolidated class action complaint failed to plausibly allege the actual damage that is an element of a breach of contract claim. While the hackers stole PII data and used it in several illegal schemes, no customer affected by the data breach suffered fraud or identity theft that resulted in financial loss from use of the stolen PII. The court resolved that “[m]assive class action litigation should be based on more than allegations of worry and inconvenience.”

Kuhns v Scottrade Inc