[BreachExchange] Data Breach Class Action Case Dismissed Against Barnes & Noble

Audrey McNeil audrey at riskbasedsecurity.com
Mon Oct 10 18:54:26 EDT 2016


http://www.jdsupra.com/legalnews/data-breach-class-
action-case-dismissed-12038/

A federal judge in Illinois dismissed the class action lawsuit filed
against Barnes & Noble stemming from a data breach in 2013. The breach
occurred when credit and debit card PIN pads were compromised at 63 Barnes
& Noble stores.

The Judge found that the consumers did not plead sufficient harm in order
to state a claim against Barnes & Noble and were unable to provide facts in
support of all five claims in the suit. The case was dismissed pursuant to
Federal Rule of Civil Procedure 12(b)(6).

Although one of the named plaintiffs was able to show that there was a
fraudulent charge made on her credit card, she was unable to show that she
suffered any out of pocket damages. She further held that “plaintiffs’
claim that they face an increased risk of future identity theft and must
spend money to mitigate that risk is also insufficient to state a claim
under ICFA” (the Illinois Consumer Fraud and Deceptive Business Practices
Act).

The Judge further found no merit in the plaintiffs’ claims that they
overpaid for the goods as they didn’t receive the security protections that
they expected, the loss of the value of their data, anxiety, and time spent
decreasing the risk of identity theft.

Finally, the Judge rejected the plaintiffs’ invasion of privacy claim as
the plaintiffs were unable to show that “highly offensive” private facts
were publicly disclosed. According to the Judge “The amended complaint
contains no allegation that the exposed PII was widely published; in fact,
… the only people who would have had access to the stolen PII would be the
skimmers, and potentially whatever third parties to which they sold the
PII” and therefore, “The court cannot find that plaintiffs adequately
alleged public disclosure give the limited number of people that would have
seen the PII as pleaded…”

The case was dismissed without prejudice, and the plaintiffs have until
October 31 to restate their claims.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161010/73d37e63/attachment.html>


More information about the BreachExchange mailing list