California’s Northern District Bucks Standing Trend in Data Breach Class Action

Technology   |   Intellectual Property   |   Cybersecurity and Privacy   |   December 22, 2014
Download Download   
Share Share Page

A recent California federal district court order may prove a massive boon to data breach class action plaintiffs. The Northern District of California order, issued in In re Adobe Systems, Inc. Privacy Litigation, denied Adobe’s motion to dismiss. The court found that the plaintiffs have standing to sue based on their now-increased risk of future harm due to the alleged compromise of their confidential information by hackers who gained unauthorized access to Adobe’s systems.

This ruling breaks with the majority view that increased risk of identity theft following a data breach is insufficient to satisfy the standing requirements of Article III of the United States Constitution, as articulated in the Supreme Court’s 2013 precedent in Clapper v. Amnesty International. Under Clapper, the threat of injury must be “certainly impending” to give rise to standing. Yet after a data breach, victims may not suffer financial harm immediately. Often, they may find that their identity or financial accounts have been compromised months or years after the breach. As a result, most courts have dismissed data breach putative class actions for lack of standing.

According to the Northern District of California, however, the alleged disclosure of the plaintiffs’ nonpublic personal information, including usernames, passwords, and credit card numbers, was sufficient injury to confer standing to sue. The court found that “the threatened harm alleged here is sufficiently concrete and imminent to satisfy Clapper.”

So far, the decision’s effect is unclear. But it certainly provides additional support for plaintiffs seeking to assert claims on behalf of a class injured by a data breach. Nevertheless, the court noted that the most factually analogous case, a data breach class action in the Southern District of Ohio, reached the opposite conclusion. Given the proliferation of data heists targeting large corporations, it is likely that this important question of law will continue to develop rapidly over the coming months.

©2022 Carlton Fields, P.A. Carlton Fields practices law in California through Carlton Fields, LLP. Carlton Fields publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information and educational purposes only, and should not be relied on as if it were advice about a particular fact situation. The distribution of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship with Carlton Fields. This publication may not be quoted or referred to in any other publication or proceeding without the prior written consent of the firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our Contact Us form via the link below. The views set forth herein are the personal views of the author and do not necessarily reflect those of the firm. This site may contain hypertext links to information created and maintained by other entities. Carlton Fields does not control or guarantee the accuracy or completeness of this outside information, nor is the inclusion of a link to be intended as an endorsement of those outside sites.

Subscribe to Publications


The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.