New York Team Obtains Dismissal of Data Breach Class Action


October 2020

New York partner Joseph Salvo and associate John Mills obtained a voluntary dismissal of a putative class action following submission of a motion to dismiss against the firm’s client, a health care administration company specializing in self-pay conversion and insurance eligibility services.

Earlier this year, the firm’s client suffered a data security incident, including ransomware.  The plaintiffs, represented by a prominent firm specializing in data breach class action litigation – thereafter brought suit on behalf of a putative class of approximately 58,000 individuals.  The complaint alleged causes of action sounding in negligence, negligence per se, breach of contract, breach of fiduciary duty, intrusion upon seclusion/invasion of privacy, and breach of contract, arising from the data security incident and the defendants’ alleged failure to implement adequate and reasonable cyber security procedures and protocols necessary to protect the plaintiffs’ personal information. 

The Gordon & Rees team moved to dismiss the claim, arguing that the plaintiffs lacked standing to bring suit because they did not allege that they suffered any injury-in-fact.  Specifically, the team argued that the plaintiffs’ fear of future identity theft and financial harm, out-of-pocket costs for mitigative measures, and loss of value of personal information were not sufficient injuries-in-fact which did not allow the complaint to proceed.  The plaintiffs, in lieu of filing opposition to the motion, filed a notice of voluntary dismissal discontinuing the action against the firm’s client.

The issue of standing in data breach litigation is hotly contested, and certainly one at the forefront of the plaintiffs’ bar in the wake of the increasing cyber attacks as a result of COVID-19

The Gordon & Rees Cyber, Privacy & Data Security team looks forward to continuing to achieve favorable results on behalf of its clients.