You’ve likely seen the recent news – hackers allegedly stole the personal data of 2.9 billion people from a background check company, including Social Security numbers. Also making headlines: over 7 million customers were affected by an AT&T data breach; hackers accessed ancestry reports, zip codes, and birth years of nearly 7 million 23andMe customers; data of more than 11 million patients was stolen in one of the biggest health care data breaches in history.
Data breaches are skyrocketing. There were 157 data compromises in 2005 vs. 3,205 data compromises in 2023. Consequently, data breach class actions are also increasing. For example, from 2020 to 2023, data breach class action filings increased by more than 700%.
Data breach class action litigation remains a dynamic and evolving area of law, characterized by significant risks, untested methodologies, and complex legal challenges. As technology and data security issues continue to develop, the legal landscape will likely adapt, potentially leading to clearer precedents and improved strategies for addressing these pervasive issues.
Historically, achieving class certification in data breach cases has proven to be a steep hill to climb. For instance, in Gaston v. Fabfitfun, Inc., the court noted that such cases often struggle to meet the rigorous standards required for certification. Plaintiffs face formidable obstacles in establishing common injuries among class members stemming from a data breach.
Cases like Hashemi v. Bosley, Inc. highlight the fact that data breach litigation is relatively new. The methodologies for assessing damages in these cases remain largely untested, creating uncertainty for both plaintiffs and defendants. This uncertainty makes it difficult to predict outcomes, as the legal framework for addressing these specific injuries is still evolving.
In Carter v. Vivendi Ticketing United States LLC, the court underscored the complexities surrounding causation. Class members often find it challenging to directly link their injuries to a particular breach, which complicates the standing necessary to pursue claims. The need to demonstrate that harm directly resulted from a specific incident adds a layer of difficulty that can stymie class action efforts.
Despite the hurdles, many data breach class actions do get certified, primarily for settlement purposes. In Graves v. United Indus. Corp., the court emphasized the risks of proceeding without a settlement, including potential denial of class certification or adverse rulings at summary judgment or trial. These risks often make settlement an attractive option for all parties involved, allowing for some degree of resolution despite the inherent uncertainties.
Ultimately, as seen in In re Wawa, Inc. Data Sec. Litig., courts often weigh the high risks associated with pursuing litigation against the potential benefits of a settlement. Approving a settlement allows parties to bypass the uncertainties of trial, which can be particularly appealing in a landscape where outcomes are unpredictable.
Effective data breach class action settlement administration – including proactive communication to affected consumers, credit monitoring, identity theft protection, and compensation for financial losses – can transform a reputational crisis into an opportunity for redemption.
Simpluris is a trusted partner for handling data breach notification and settlement administration. Our approach is customizable and scalable, tailored to meet the needs of any incident, regardless of its form, size, and level of complexity.
When you collaborate with Simpluris, we ensure peace of mind by offering timely, cost-effective, and suitable services, including incident notifications, call center support, comprehensive monitoring, real-time alerts, fraud remediation, and identity theft insurance.
Through Simpluris’ exclusive relationship with CyEx, a trusted incident response specialist, we have access to an innovative product portfolio that gives us the broadest range of solutions for providing suitable consumer protection in the credit, identity, financial, minor, and medical areas. Since 1995, CyEx has provided services in more than 2,100 breaches, impacting more than 278 million consumers.