The Ninth Circuit changes standard on standing in data breach class actions: sufficient the “increased risk of future identity theft”

On March 8, 2018, the U.S. Court of Appeals for the Ninth Circuit found that an alleged “increased risk of future identity theft” suffices Article III standing requirement in a data breach putative class action.

On June 1, 2015, the District Court of Nevada had dismissed for lack of standing the data breach putative class action against Zappos because Plaintiffs did not allege they had suffer any harm. More here.

However, the Court of Appeals reversed the District Court’s judgment as to Plaintiffs’ standing and remanded the matter to the lower court.

The Court of Appeals agreed with Plaintiffs that “[a] person whose PII has been obtained and compromised may not see the full extent of identity theft or identity fraud for years.” And “it may take some time for the victim to become aware of the theft.”

The Court also found that Plaintiffs had sufficiently alleged an injury in fact based on a substantial risk that the Zappos hackers will commit identity fraud or identity theft.

More on standing in data breach putative class actions is available at http://www.technethics… . Also of interest Data breach class actions cases in 2013, 2014, and 2015: the problem of “standing”


In re Zappos.Com, Inc. Customer Data Security Breach Litigation, is available at…


For more information on how to protect your privacy, contact Francesca Giannoni-Crystal

Follow us on& Like us on