You’ve likely seen the recent news – hackers allegedly stole the personal data of 2.9 billion people from a background check company, including Social Security numbers. Also making headlines: over 7 million customers were affected by an AT&T data breach; hackers accessed ancestry reports, zip codes, and birth years of nearly 7 million 23andme customers; data of more than 11 million patients was stolen in one of the biggest health care data breaches in history.
Data breaches are skyrocketing. There were 157 data compromises in 2005 vs. 3,205 data compromises in 2023. Consequently, data breach class actions are also increasing. For example, from 2020 to 2023, data breach class action filings have increased by more than 700%.
Data breach class action litigation remains a dynamic and evolving area of law, characterized by significant risks, untested methodologies, and complex legal challenges. As technology and data security issues continue to develop, the legal landscape will likely adapt, potentially leading to clearer precedents and improved strategies for addressing these pervasive issues.
Historically, achieving class certification in data breach cases has proven to be a steep hill to climb. For instance, in Gaston v. Fabfitfun, Inc., the court noted that such cases often struggle to meet the rigorous standards required for certification.[1] Plaintiffs face formidable obstacles in establishing common injuries among class members stemming from a data breach.
[1] Gaston v. Fabfitfun, Inc., 2021 U.S. Dist. LEXIS 250695, *6. [need to standardize cites]